The Passenger Personal Data Protection Policy (“Policy”) contains information about the processes through which Taksicim Mobile Technology (“TAKSİCİM”) processes passenger personal data. The Policy also includes explanations regarding the security of your personal data, the principles we consider when processing your personal data, and your rights regarding your personal data.

If you have any questions regarding the processing of your personal data, you can contact us at kisiselveriler@taksicim.net.
1. YOUR PERSONAL DATA PROCESSED
The personal data we process is as follows:
• Identity: Name-surname, gender, passenger ID.
• Contact: Mobile phone, email, address, and favorite address information.
• Payment Information: Payment methods, payment amount, payment method, invoice and payment details, the first six and last two digits of your credit card.
• Trip Information: Trip route, starting and ending points, trip dates, times and durations, trip amount and number.
• Passenger Transaction Information: Request and complaint information, call center contact information.
• Location Information: Location information obtained through your mobile device.
• Transaction Security: Device operating system, IP address, user transaction records on the app, and password.
• Legal Transaction Information: Correspondence with judicial authorities, information regarding litigation/enforcement files in the event of a dispute.
• Risk Management: Information regarding the prevention of suspicious or unlawful transactions.
• Other: Your comments, information regarding trip cancellations and cancellation fees, ratings, comments, and tips given to drivers, ratings and comments given by drivers to passengers, language and mobile app usage preferences, discount code/campaign information, preferences, and usage habits.
We also process your preferences and usage habits, as well as information obtained through the analysis of your aforementioned data (e.g., most preferred destinations).
We process your personal data through cookies to enhance your mobile app experience.
Click here for detailed information about Taksicim’s use of cookies.
2. CHANNELS AND METHODS OF COLLECTING YOUR PERSONAL DATA
We collect personal data from mobile application users through the Taksicim mobile application.
If you call Taksicim Customer Services or contact us at bilgi@taksicim.net or through our social media accounts, we collect your data through these channels. We collect and process your data through automatic and partially automatic methods. Partially automatic data processing refers to data processing that is partially performed with human intervention and partially performed automatically (through information systems). Automatic data processing is data processing that occurs automatically, without human intervention, through information systems.
In certain cases, we also collect your data through non-automated methods, provided that it is part of a data recording system (for example, if you physically submit information or documents to us).
3. PROCESSES WHERE YOUR PERSONAL DATA IS PROCESSED
Taksicim processes your personal data based on your membership in the mobile application, your use of the application, and our relationship with you.
For all processes specified, your transaction security information (device operating system, IP address, user transaction records on the app, and password) is processed for transactions conducted via the mobile app.
Passengers can rate drivers and leave comments about them through the mobile app, and drivers also have the opportunity to rate and comment on passengers. Passenger ratings and comments are only visible to Taksicim and are processed for the purposes of ensuring passenger satisfaction, ensuring that parties with low ratings are not paired with each other, prioritizing passengers with high ratings in operational processes, improving and developing our services, and ensuring that rating/review information is taken into account in potential disputes.
4. LEGAL REASONS WE RELY ON WHEN PROCESSING YOUR PERSONAL DATA
When processing your personal data, we rely on the legal grounds set forth in Article 5 of the Personal Data Protection Law. We have listed the legal grounds we rely on when processing your personal data below:
a. Personal data processing is necessary for the establishment or performance of a contract.
The processing of your personal data directly related to the establishment and performance of the contract between you and Taksicim is carried out based on this legal basis. For example, we process your personal data to verify your identity during membership registration and to process your registration.
b. Processing of personal data to establish, exercise, or protect a right.
We act based on this legal basis when we process your personal data to establish, exercise, or protect a right. For example, if your objection to payments is approved.
In this case, processing your personal data to refund the relevant amount to your card falls within this legal basis.
c. Personal data processing is necessary for our legitimate interests.
We rely on this legal basis when processing personal data is necessary for Taksicim’s legitimate interests, provided that it does not compromise fundamental rights and freedoms. For example, we process your information about your pet ownership to direct you to drivers who own vehicles suitable for transporting pets (we only process this information if you choose to share it with us).
When determining whether a data processing activity is necessary for our legitimate interests, we conduct a separate assessment. In making this assessment, we base our assessment on the criteria set out in the Board’s Decision No. 2019/78 dated 25/03/2019; we perform a balancing test by comparing the individual’s fundamental rights and freedoms with the legitimate interest that arises.
d. The data subject has provided explicit consent for the processing of their personal data.
When the legal grounds specified in Article 5 of the Personal Data Protection Law do not apply to the processing of your personal data, we ask for your explicit consent. For example, if you edit the information about disabled passengers in the “My Information” section of our mobile application, we process your information based on this legal ground.
If at least one of the legal grounds specified in the Law exists for the processing of personal data, we do not ask for the data subject’s explicit consent. We only ask for the data subject’s explicit consent for the processing of their personal data when there are no other legal grounds specified in the Law.
Regarding your location information, this information is processed based on whether you have consented to the use of location information based on the features of your mobile device’s operating system. You can change this preference at any time in the “Settings” section of your mobile device. 5. WHEN WE SHARE YOUR PERSONAL DATA
We share your personal data with the following parties, both domestic and international, for the purposes specified below:
Taksicim Drivers:
To facilitate communication between drivers and passengers, ensure that drivers and passengers confirm their locations and meet at the designated location, and ensure the most convenient journeys.
Suppliers and Business Partners:
To obtain support from suppliers related to our services, handle financial and accounting matters, collaborate with third parties regarding special offers for users, and manage business partner and supplier relationships.
Authorized Persons, Institutions, or Organizations:
To provide information to authorized persons, institutions, or organizations, carry out legal processes, and conduct our activities in accordance with legislation.
If you wish to share your trip information with your relatives, we will share your trip information with them in accordance with your preference.
We use technologies that analyze the performance of our activities to understand how mobile app users respond to marketing efforts, their interactions with our app, and how they use the mobile app. We share your information with our business partners for the use of these technologies.
6. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
Article 11 of the Personal Data Protection Law regulates your rights regarding the processing of your personal data. These rights are as follows:
1. To learn whether we are processing your personal data,
2. If we are processing your personal data, to request information regarding the processing,
3. To learn the purposes for which Taksicim processes your personal data and whether it is used appropriately,
4. To learn whether your personal data has been transferred to third parties; If your personal data is being transferred, to learn the third parties, whether domestic or international, to whom it has been transferred.
5. To request correction of your personal data if it is incomplete or inaccurate, and to request that we notify third parties to whom we have transferred your personal data of the action taken in this context, if any.
6. Although we have processed your personal data in accordance with the Law and relevant legislation, if the reasons requiring processing of personal data no longer exist, to request that your data be deleted or destroyed, and to request that we notify third parties to whom we have transferred your personal data of the action taken in this context, if any.
7. To object to situations where a detrimental result has been produced by the analysis of your personal data we have processed, exclusively through automated systems.
8. To request compensation if you suffer damages due to the unlawful processing of your personal data.
Furthermore, where we process your personal data based on your explicit consent, you have the right to withdraw your consent at any time by contacting us.
7. METHODS OF EXERCISE YOUR RIGHTS
You can submit your requests regarding the rights specified above to Taksicim using the following methods.
You can send an email to kisiselveriler@taksicim.net using the email address registered in our systems.
You can choose other methods specified in the Communiqué on the Procedures and Principles for Applying to the Data Controller.
8. TAKSİCİM’S PERSONAL DATA PROCESSING PRINCIPLES
When processing your personal data, we comply with the data processing principles set forth in Article 4 of the Law. These principles are as follows:
• Compliance with the law and the rules of honesty: We carry out our data processing activities in accordance with legislative regulations and the principles of good faith.
• Accuracy and, where necessary, up-to-date: We always keep channels open to ensure that your personal data is accurate and up-to-date.
• Processing for specific, clear, and legitimate purposes: We determine the purposes for which personal data will be processed and provide you with information about these purposes in a transparent and understandable manner.
• Relevance, limitation, and proportionality to the processing purposes: We do not process personal data that is not relevant or needed to achieve the purpose, nor do we conduct personal data processing activities aimed at meeting potential needs.

• Retention for the period stipulated in relevant legislation or necessary for the purpose for which it is processed: If there is a period stipulated in legislation for the storage of personal data, we comply with this period; if no such period is stipulated, we only store personal data for the period necessary for the processing purposes.
9. SECURITY OF YOUR PERSONAL DATA
We take the necessary technical and administrative measures to ensure the security of your personal data. Below are some of the measures we have taken in this context:
• We place great importance on the principle of data minimization in the processing of personal data. In this context, when sharing passenger identification information with drivers, we provide only the first and last name initials to drivers, and we terminate drivers’ access to this information after the journey is completed.
• We implement cybersecurity measures, including up-to-date anti-virus systems and firewalls, to ensure personal data security. • We limit access to personal data only to employees who have a need to access it; we ensure compliance with data access authorizations in the systems we use to conduct our operations.

• We implement policies and practices regarding information security and personal data protection.