TR EN ME GR
Download

Privacy Policy

Greece Montenegro Türkiye

Personal Data Protection, Processing and Privacy Policy

1. INTRODUCTION TO THE PERSONAL DATA PROTECTION POLICY

Personal data is protected under the Constitution of the Republic of Turkey, Law No. 6698 on the Protection of Personal Data ("Law" and/or "KVKK"), and the Turkish Penal Code (TCK). The Law defines personal data and sets out the principles for its protection, along with the obligations of those acting as data controllers in the processing of such data. According to the Law, personal data refers to “any information relating to an identified or identifiable natural person.” Processing of personal data means “any operation performed on personal data, wholly or partially by automated means or by non-automated means provided that it forms part of a data recording system, including the collection, recording, storage, alteration, sharing with third parties, and transfer abroad of personal data.”

Hop Teknoloji Anonim Şirketi (hereinafter referred to as the “Company” or “hop”) attaches great importance to the lawful collection, protection, and processing of personal data in accordance with Law No. 6698 on the Protection of Personal Data. Our Company takes all necessary administrative and technical measures to ensure the lawful acquisition, processing, storage, and protection of personal data and adopts the highest standards in this regard.

Hop has prepared this Personal Data Protection, Processing, and Privacy Policy (“Policy”) to outline the principles and rules governing the processing of personal data. The Policy serves as a guide to inform data subjects and to ensure transparency. The relevant legal regulations in force concerning the processing and protection of personal data will be primarily applied. In the event of any inconsistency between the applicable legislation and the Policy, hop acknowledges that the provisions of the applicable legislation shall prevail. Hop may revise the Policy to comply with changing conditions and legislation, and these changes can be followed through the application and website.

Definitions

As Hop Teknoloji A.Ş., we aim to maintain the trust of all our stakeholders with the importance we place on the protection of personal data and to fulfill our commitment to the privacy of personal data. The Law, which came into force on April 7, 2016, defines personal data and regulates the fundamental principles for its protection and the rules that data controllers must follow. Under this Law:

  • Explicit Consent: Consent that is based on information and freely given regarding a specific subject.
  • Data Subject: The natural person whose personal data is processed.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing of Personal Data: Any operation performed on personal data, whether wholly or partially by automated means or by non-automated means provided that it forms part of a data recording system, including the collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or prevention of use of such data.
  • Board: The Personal Data Protection Board.
  • Authority: The Personal Data Protection Authority.
  • Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
  • Data Recording System: A recording system in which personal data is structured and processed according to specific criteria.
  • Data Controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
  • Electronic Environment: Any environment where personal data can be created, read, modified, and written using electronic devices.
  • Non-Electronic Environment: All other environments outside electronic ones, including written, printed, visual, etc.
  • Service Provider: A natural or legal person who provides services to the Company under a specific contract.
  • Destruction: Deletion, destruction, or anonymization of personal data.
  • Law: Law No. 6698 on the Protection of Personal Data.
  • Recording Environment: Any environment where personal data is processed, whether fully or partially by automated means or by non-automated means provided that it forms part of a data recording system.
2. PROCESSING OF PERSONAL DATA

2.a. Fundamental Principles Applied in the Processing of Personal Data
Article 20, paragraph 3 of the Constitution guarantees the protection of personal data and stipulates that personal data may only be processed in cases provided by law or with the explicit consent of the individual. In accordance with the constitutional rights granted to personal data owners, hop processes personal data within the framework of principles set forth in the law or in cases where explicit consent has been given, following the principles listed in Article 4 of the Law:

  • Processing in Compliance with the Law and the Principle of Honesty
  • Ensuring Personal Data is Accurate and, Where Necessary, Up-to-Date
  • Processing for Specific, Explicit, and Legitimate Purposes
  • Being Relevant, Limited, and Proportionate to the Purposes for which They are Processed
  • Retaining Personal Data Only for as Long as Necessary for the Purpose of Processing or as Prescribed by Relevant Legislation

2.b. Conditions and Purposes for Processing Personal Data
The conditions for processing personal data and sensitive personal data are regulated by the Law, and according to Articles 5 and 6 of the Law, both types of data can be processed under specific conditions. Sensitive personal data is strictly defined in the Law and includes information regarding a person’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership in associations, foundations, or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data. Under our company policy, we do not request sensitive personal data. Providing such data is entirely voluntary.
On the other hand, hop processes general personal data in accordance with the general principles set forth in Article 4 of the Law for the purposes and under the conditions specified below.
Accordingly:

  • Processing your personal data by hop is explicitly stipulated by the laws.
  • Processing is necessary for the protection of the life or physical integrity of the personal data owner or another person, where the data subject is unable to express consent due to actual impossibility or legal invalidity.
  • Processing is directly related to and necessary for the establishment or performance of a contract to which you are a party.
  • Processing is necessary for hop to fulfill its legal obligations.
  • Your personal data has been made public by you, and processing is limited to the purpose for which it was made public.
  • Processing is necessary for the establishment, exercise, or protection of rights by hop, yourself, or third parties.
  • Processing is necessary for the legitimate interests of hop, provided that this does not harm your fundamental rights and freedoms.

Within this scope, hop processes personal data for the following purposes:

Using personal data appropriately and within the limits prescribed by KVKK to fulfill the purposes stated in the Company’s main contract.

The purposes of processing include:

  • Providing services through the hop application, creating user accounts, and managing contract processes.
  • Pricing services, issuing invoices, and managing financial processes.
  • Reporting accidents, such as traffic incidents during service usage, and taking necessary actions.
  • Enhancing user experience and offering personalized content, developing marketing strategies.
  • Offering campaigns tailored to user needs, conducting digital marketing activities, and ensuring customer satisfaction.
  • Increasing the efficiency of provided services and improving user support processes.
  • Managing user requests and complaints, providing post-service support.
  • Monitoring contract processes, handling legal claims, and fulfilling legal obligations.
  • Ensuring operational security and planning company audit processes.
  • Sharing information with authorized institutions and organizations as required by law and in compliance with legal regulations.
  • Ensuring data is accurate and up to date.
  • Planning and implementing activities related to technical and commercial business security.
  • Planning business and commercial strategies, managing information technology infrastructure, planning logistics processes, and analyzing business activities.
  • Preventing fraudulent activities, ensuring compliance with ethical standards, and managing relationships with business partners and suppliers.
3. TRANSFER OF PERSONAL DATA

3.a. General Principles Regarding the Transfer of Personal Data
Articles 8 and 9 of the Law regulate the principles regarding the transfer of personal data within the country and abroad. In this context, hop may transfer personal data, which it has obtained lawfully, to third parties in accordance with its data processing purposes and by taking necessary security measures.
Accordingly, hop may transfer personal data to third parties if one of the following conditions is met:

  • Explicit provision in the law: If there is an explicit provision in the relevant legislation regarding the transfer of personal data, the transfer may be carried out.
  • Explicit consent of the data subject: If the data subject has explicitly given consent, personal data can be transferred.
  • Necessity for the protection of life or physical integrity: If it is necessary to transfer data to protect the life or physical integrity of the data subject or another person, and the data subject is unable to express consent due to actual impossibility or legal invalidity, the data can be transferred.
  • Requirement for the establishment or performance of a contract: If the transfer of personal data is directly related to and necessary for the establishment or performance of a contract, it can be carried out.
  • Fulfillment of legal obligations: If hop is required to transfer personal data to fulfill a legal obligation, the transfer may take place.
  • Publicly disclosed data: If personal data has been made public by the data subject, it may be transferred in line with the purpose of public disclosure.
  • Establishment, exercise, or protection of a right: If the transfer is necessary for the establishment, exercise, or protection of a right, it can be carried out.
  • Protection of legitimate interests: Provided that it does not harm the fundamental rights and freedoms of the data subject, the transfer may be necessary for the legitimate interests of hop.

In accordance with these conditions, hop carries out personal data transfer processes in compliance with the Law and takes necessary security measures.

3.b. Transfer of Personal Data Abroad
hop may transfer personal data abroad for legitimate and lawful data processing purposes if one of the legal bases outlined in Article 9 of the Law exists.
Accordingly:

  1. Existence of an adequacy decision
  2. In the absence of an adequacy decision, if one of the conditions stated in Articles 5 and 6 of the Law exists and the data subject has the opportunity to exercise their rights and access legal remedies in the country where the data will be transferred;
  3. Existence of a non-international agreement between public institutions and organizations or international organizations abroad and public institutions and organizations or professional organizations in Turkey, provided that the transfer is permitted by the Board.
  4. Binding corporate rules approved by the Board, which include provisions on the protection of personal data, applicable to companies within a group engaged in joint economic activities.
  5. Standard contracts announced by the Board, which outline matters such as data categories, purposes of transfer, recipients and recipient groups, technical and administrative measures to be taken by the data recipient, and additional precautions for sensitive personal data.
  6. A written commitment containing provisions ensuring adequate protection, with the transfer permitted by the Board.

If there is no adequacy decision and none of the appropriate safeguards listed above can be ensured, personal data may be transferred abroad under exceptional circumstances specified in the Law.

3.c. Third Parties to Whom Personal Data is Transferred

In accordance with the conditions stated above and Articles 8 and 9 of the Law, hop may transfer the personal data of data subjects governed by this Policy to the following parties:

  • Business partners and suppliers: Anonymously, to fulfill the purposes of establishing a business partnership and carrying out commercial activities (explicit consent will be obtained for any other data transfers).
  • Affiliates: To ensure the execution of commercial activities that require the participation of hop affiliates.
  • Shareholders: Limited to designing strategies related to hop’s commercial activities, providing information in line with company procedures, and for audit purposes in compliance with legal regulations.
  • Public institutions and organizations: To the relevant public institutions and organizations and private legal entities, limited to the purposes requested within their legal authority.
  • Public and private legal entities: To public institutions and organizations and private legal entities that hop receives services from or provides services to, provided that the conditions for data transfer stipulated by law are met.
4. PROTECTION OF PERSONAL DATA

hop ensures the lawful processing and protection of personal data by taking the administrative and technical measures prescribed by the relevant legislation and as notified by the Personal Data Protection Board. In this context, hop takes reasonable technical and administrative measures—considering technological possibilities and the cost of implementation—to ensure the lawful processing of personal data, its storage in secure environments, prevention of unauthorized access and other unlawful breaches, prevention of accidental data loss, intentional damage to data, and unauthorized deletion.
In this regard:

  • hop ensures that its personal data processing activities are audited through established technical systems and that regular reports are generated regarding the technical measures taken.
  • Employees who process personal data within hop are informed and trained about personal data protection laws and the lawful processing of personal data.
  • Application policies are determined within relevant units to meet the legal compliance requirements identified for business units, creating awareness on these matters, and company-wide policies are established and training is provided to ensure the monitoring and sustainability of these practices.
  • Personnel awareness is raised regarding the prohibition of processing, disclosing, or using personal data beyond the instructions defined by hop and the regulations imposed by law.
  • Authorizations are granted based on legal compliance obligations identified within each unit, and access permissions are limited accordingly.
  • Software and hardware containing firewalls are installed, and antivirus protection systems are used to prevent data leaks.

For personal data stored due to technical requirements by third parties providing services to hop, contracts include provisions requiring that these third parties take necessary security measures to protect the data and ensure compliance within their organizations.
Legally compliant backup programs are used, and technical security systems are established for storage areas.
In accordance with Article 12 of the Law, hop ensures that if personal data processed under the Law is obtained unlawfully by third parties, the relevant data subject and the Personal Data Protection Board are notified as soon as possible.

5. INFORMING, RIGHTS, AND NOTIFICATION OF THE PERSONAL DATA SUBJECT

5.a. Informing the Personal Data Subject

In accordance with Article 10 of the Law, the data controller is obliged to provide certain information to the relevant persons during the collection of personal data. Within this scope, the data controller must inform data subjects about the identity of the data controller and its representative (if any), the purposes for which the personal data will be processed, and to whom and for what purposes the processed data may be transferred. Additionally, explanations must be provided regarding the methods by which the personal data are collected and the legal basis for this process. It is also mandatory to inform data subjects about their rights under Article 11 of the Law on the Protection of Personal Data. Accordingly, hop informs personal data owners within the framework of the regulations in the legislation.

5.b. Rights of Personal Data Subjects

Under Article 11 of the Law, the following rights are granted to you concerning your personal data:
The natural person whose personal data is processed is defined as the data subject. As the data subject, under KVKK, you have the right to:

  • Learn whether your personal data is being processed,
  • Request information if your personal data has been processed,
  • Learn the purpose of processing your personal data and whether it is being used in accordance with that purpose,
  • Know the third parties to whom your personal data has been transferred domestically or abroad,
  • Request the correction of your personal data if it has been processed incompletely or incorrectly,
  • Request the deletion or destruction of your personal data within the framework of the conditions set out in the KVKK,
  • Request that third parties to whom your personal data has been transferred be informed about the correction, deletion, or destruction of your personal data,
  • Object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems,
  • Demand compensation if you suffer damage due to the unlawful processing of your personal data.

However, under Article 28 of the Law, the above-mentioned rights cannot be exercised in the following cases:

  • When personal data is processed for purposes such as official statistics or research, planning, and statistics after being anonymized.
  • When personal data is processed for artistic, historical, literary, or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life, or personal rights, and does not constitute a crime.
  • When personal data is processed by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order, or economic security as part of preventive, protective, and intelligence activities.
  • When personal data is processed by judicial authorities or enforcement authorities in relation to investigations, prosecutions, trials, or enforcement proceedings.

According to Article 28/2 of the Law, except for the right to request compensation for damages, personal data owners cannot exercise the above rights in the following cases:

  • When the processing of personal data is necessary for the prevention of crime or for criminal investigations.
  • When personal data has been made public by the data subject.
  • When personal data is processed by public institutions and organizations or professional organizations with public institution status, authorized by law to carry out supervisory or regulatory duties, or for disciplinary investigations or prosecutions.
  • When personal data is processed for the protection of the State's economic and financial interests regarding budget, tax, and financial matters.

5.c. Notification of Personal Data Subjects

As personal data subjects, you may submit your requests regarding your rights arising from the Constitution and the Law through the following methods:

  • You can send your request to the email address [email protected] or mail your written request to “Erler Mah. Dumlupınar Bul. No: 348 İç Kapı No: 53 Etimesgut / Ankara”.
  • You can submit your request through a legal representative/third party authorized via a special power of attorney issued by a notary.
  • You can follow any method prescribed by the Personal Data Protection Board.

hop may request additional information from the relevant person to verify whether the applicant is the personal data owner. To clarify issues in the request, hop may also ask questions or request extra information if the application does not meet the requirements specified in the legislation or in the "Communique on the Principles and Procedures for Application to the Data Controller" dated 10.03.2018 and numbered 30356.

If you submit a valid request using one of the above methods, your application will be evaluated within 30 days in accordance with Article 13/2 of the Law, and you will be informed of the result. If your request is accepted, hop will promptly execute the necessary actions.
Applications are generally processed free of charge. However, if fulfilling the request incurs a cost, hop may charge a fee as specified in Article 7 of the "Communique on the Principles and Procedures for Application to the Data Controller":

“No fee will be charged for up to 10 pages. For each page exceeding 10 pages, a fee of 1 TL per page may be charged. If the response to the application is provided on a CD, flash drive, or similar medium, the fee cannot exceed the cost of the medium.”

If your application is rejected, if you find the response inadequate, or if no response is provided within the legal timeframe, you have the right, under Article 14 of the Law, to file a complaint with the Personal Data Protection Board within 30 days of learning hop’s response or, in any case, within 60 days from the date of your application.

6. DATA SUBJECT AND PERSONAL DATA CATEGORIZATION

6.a. Data Subject Categorization

hop has classified the personal data it processes as follows. The data subject classification created within the scope of this Policy is associated with the personal data categories listed below. However, data subjects not included within this scope may also submit their requests to hop in accordance with this Policy.

Personal Data Subject Categories:

  • Member/Customer/User/Product or Service Recipient: Individuals who benefit from or have previously benefited from hop’s products and services, regardless of whether they have a contractual relationship with hop.
  • Potential Customer: Natural persons who show interest in hop’s products and services, make inquiries, or are evaluated as potential customers based on commercial practices and principles of honesty.
  • Third Parties: Other natural or legal persons not covered by this Policy or by hop Employees, Personal Data Protection, and Processing Policy.
  • Business Partner, Shareholder, Representative, Employee: Natural persons including employees, shareholders, and authorized representatives of institutions with which hop has a business relationship.
  • Supplier Shareholder, Representative, Employee: Natural persons including employees, shareholders, and authorized representatives of institutions from which hop receives products or services and collaborates.
  • Potential Business Partner: Natural persons who are employees, shareholders, or authorized representatives of legal entities with which hop plans to establish a business relationship.
  • Visitor: Natural persons who visit hop’s physical premises for specific purposes or use hop’s websites.

6.b. PERSONAL DATA CATEGORIES

hop processes various categories of personal data to provide better services to its users, fulfill legal obligations, and effectively manage service processes. Below are detailed types of personal data processed and their purposes:

  1. Identity Data
    Includes full name, Turkish ID number (passport number for foreigners), date of birth, and gender information.
  2. Contact Data
    Includes phone number, location/address, and email address of the individual.
  3. Location/Driving Data
    Includes route, distance covered, speed, and GPS data collected during the use of hop’s services.
  4. Financial Data
    Covers personal data processed concerning the financial outcomes of hop’s legal relationship with the data subject, including debt information, related documents and records, bank account number, IBAN, and masked credit card details.
  5. Visual and Audio Records
    Includes photos uploaded to the application at the end of a ride, live support service recordings, email correspondence, and phone call recordings.
  6. Customer Transaction Data
    Includes membership date, membership ID, ride details, usage details, complaint and suggestion records, call center records, and location or user-specific campaign data.
  7. Legal Transaction Information
    Personal data processed within the scope of identifying and pursuing legal claims and rights, fulfilling obligations, and ensuring compliance with legal requirements and hop’s company policies.
  8. Marketing Information
    Includes data such as frequency of service use (ride duration and number), date and time of service usage, promo codes used, searches conducted via website and mobile app, and cookie data.
  9. Risk Management Information
    Consists of information related to users to protect hop’s commercial reputation (e.g., data from complaint websites, information collected from social media about the company, its senior executives, or shareholders, assessment reports created on this basis, and actions taken regarding these assessments).
  10. Transaction Security Information
    Includes ID/QR code information of the rented device, user/member transaction records, device type and hardware information, operating system and version of the mobile device used, app usage data, and traffic data.
7. RETENTION PERIODS OF PERSONAL DATA

Personal data is retained by hop for the durations specified in the relevant legal regulations and in accordance with legal obligations. If there is no regulation regarding the retention period of personal data in the legislation, such data is processed for the period necessary in connection with hop’s business processes, commercial practices, and activities, and is then deleted, destroyed, or anonymized.
Personal data whose purpose of processing has ended or which has been requested to be deleted/anonymized by data subjects is retained only for the purpose of serving as evidence in legal disputes, asserting legal claims, or protecting the right to defense after the expiration of the relevant retention periods and hop’s specified retention policies. When determining the retention periods for personal data, hop takes into account the statute of limitations specified in the legislation.
Data retained for such purposes is accessed only when necessary and only by authorized individuals, and it is not accessed for any other purpose. Once the retention period expires, the personal data is deleted, destroyed, or anonymized.

8. DELETION, DESTRUCTION, AND ANONYMIZATION OF PERSONAL DATA

In accordance with Article 138 of the Turkish Penal Code and Article 7 of Law No. 6698 on the Protection of Personal Data, personal data that has been processed lawfully shall be deleted, destroyed, or anonymized by hop ex officio or upon the request of the data subject when the reasons for its processing no longer exist.
This process is carried out in full compliance with the relevant legal regulations.

Disclosure Text on the Protection and Processing of Personal Data

Hop Teknoloji A.Ş. (“hop” or the “Company”) takes the highest possible security measures to ensure that your personal data is processed, stored, deleted, destroyed, anonymized, transferred, secured, and protected in accordance with the law and legal regulations.

The purpose of preparing this Disclosure Text is to transparently inform you, in accordance with Article 10 of the Law on the Protection of Personal Data No. 6698 (“Law”), about how your personal data is collected, the purposes for which it is processed, the persons and institutions with whom it is shared, the legal grounds, and your rights.

Your personal data may be processed by hop, in its capacity as the data controller, under the conditions for data processing specified in the law and in the manner outlined in the Law.

This text has been prepared to inform members/users about the collection and processing of their personal data.

Data Controller

Your personal data may be processed by Hop Teknoloji A.Ş. as the data controller within the scope explained below. The term "data controller" refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

You can contact the data controller through the following channels:

Address: Erler Mah. Dumlupınar Bul. No:348 İç Kapı No:53 Etimesgut/Ankara
E-mail Address: [email protected]

1. Collected Personal Data

The personal data collected and used by hop regarding members/users are as follows:

Identity Data: Full name, Turkish ID number, date of birth, and gender (if provided).
According to Article 15/3 titled "Service Agreement" of the Electric Scooter Regulation No. 31454 published in the Official Gazette on April 14, 2021, the Company requires the inclusion of the Turkish ID number in the service agreement with individual customers/users.
The date of birth is collected to verify whether members/users are over 15 years old, which is necessary for properly and validly establishing the agreement.
For foreign members/users, passport numbers are collected, and for legal entity members/users, tax identification numbers are obtained.

Contact Data: Phone number and email address.
To properly perform the service, hop collects and processes phone numbers to respond to any requests and complaints from members/users, to provide maintenance and repair support in case of any issues with the vehicles, and to establish the fastest and most effective communication with members/users in emergencies or negative situations.
Email addresses are collected and processed to notify users of any changes in the contract or company policies, inform them about campaigns and updates, and send documented responses to their applications, complaints, or requests.

Ride Data: GPS and route data, location data, and speed data collected during the service.
Hop uses location data to send technical support teams in case members/users encounter issues during the service. Additionally, to protect its legitimate interests, hop processes and uses ride data as legal evidence in case of judicial incidents.

Financial Data: Invoice details, payment information and methods, and debt information.
To fulfill legal obligations and maintain hop’s accounting records, members/users' financial data, as stated on the invoice, are legally collected and processed. Any information or documents showing financial results, payment records, and masked credit card numbers (first four and last six digits) are considered financial data.
Hop can only access users’ credit card information in a masked format through the payment infrastructure and processes payments via the related payment service provider. Hop does not store credit card information in its internal systems.

Other Data:

  • Visual and Audio Records: Photos uploaded by members to end rides, live support recordings, phone call records, email correspondence, and any other communication records collected through the website, mobile app, or other contact methods. These are processed to improve service quality and efficiency.
  • Customer Transaction Data: Membership date, membership ID, ride details, usage details, complaint and suggestion records, call center records, location or user-based campaign data.
  • Legal Transaction Information: Personal data processed for the identification and follow-up of legal claims and rights, the fulfillment of obligations, and compliance with company policies.
  • Marketing Data: Frequency of service usage (ride duration and number), date and time of service use, applied promotion codes, searches performed via the website and mobile app. These are collected and processed to ensure legal and commercial security and compliance with legal obligations.
  • Risk Management Data: Data associated with the member, collected to protect hop’s/commercial reputation.
  • Transaction Security Data: Device ID/QR code of the rented/used scooter, member/user transaction records, type and hardware details of the mobile device used, device operating system and version, app usage information, and traffic data.
2. Purpose of Processing Personal Data

Your collected personal data is processed for the following purposes:

  1. a. Establishment and Execution of the Contract:
    1. Providing the service offered through the hop application, creating user accounts, ensuring the Company's compliance with laws and relevant regulations, and managing contract processes, which involves processing identity, contact, transaction security, and location data.
    2. Managing necessary financial and accounting processes for service provision, pricing, and invoicing.
    3. In case a member/user is involved in a traffic accident while using hop's services, identity, contact, location, customer transaction, and transaction security data are processed to report the accident, take necessary actions, and fulfill the Company's legitimate interests as required by law.
  2. b. Enhancing User Experience and Providing Personalized Content:
    1. Planning and implementing activities aimed at improving user experience, which involves using contact, marketing, and visual/audio records.
    2. Conducting market research targeting specific audiences to optimize product and service marketing processes and developing communication and marketing strategies based on these studies. For this purpose, identity, contact, marketing, customer transaction, and visual/audio data are processed.
    3. Offering personalized content based on user needs and habits, providing discounted campaigns, executing digital marketing activities, and developing advertising strategies using identity, contact, marketing, and customer transaction data.
    4. Planning and/or implementing activities to ensure user satisfaction, delivering personalized suggestions and real-time notifications, tracking and analyzing user habits, and performing targeting activities. Identity, contact, risk management, customer transaction, and visual/audio data are processed for these purposes.
    5. Verifying user identities, monitoring user behavior, managing digital marketing and advertising campaigns, and conducting market research and surveys to plan and execute activities aimed at selling and marketing the Company's products and services. Contact, identity, marketing, customer transaction, and visual/audio data are processed for these purposes.
  3. c. Improving Service Quality and User Support Processes:
    1. Identity, contact, marketing, financial, and customer transaction data are processed to plan and implement the necessary processes for the effective delivery of services.
    2. Identity, contact, marketing, financial, visual and audio recordings, customer transactions, and ride data are processed to plan and/or implement post-service support activities and provide any support services required by users.
    3. Identity, contact, visual and audio recordings, and customer transaction data are processed to develop and implement user relationship management processes, ensuring continuous and effective communication to enhance user satisfaction.
    4. Identity, contact, visual and audio recordings, and customer transaction data are processed to regularly monitor user requests and/or complaints and manage resolution processes.
    5. Identity, contact, marketing, customer transaction, legal transaction, visual and audio recordings, transaction security, and ride information are processed to monitor contract processes and/or legal requests and to fulfill legal obligations.
  4. d. Ensuring Legal, Technical, and Commercial Business Security:
    1. Contact, ride, financial, risk management, transaction security, and legal transaction data are processed to plan and conduct company audit activities.
    2. Identity, contact, transaction security, customer transaction, legal transaction, location, and financial data are processed to ensure company operations are conducted in compliance with relevant legal regulations and internal company policies.
    3. Legal transaction, risk management, customer transaction, transaction security, and ride data are processed to take necessary measures to ensure the security of company operations.
    4. Legal transaction, risk management, customer transaction, and transaction security data are processed to ensure that data is kept accurate and up to date.
    5. Identity, location (including route), contact, transaction security, customer transaction, visual and audio recordings, and legal transaction data are processed to provide necessary information to authorized institutions in accordance with relevant legislation.
  5. e. Planning Commercial and Business Strategies:
    1. Identity, contact, customer transaction, legal transaction, transaction security, risk management, financial, and location data are processed to manage information security processes, financial and accounting tasks, strategic planning activities, legal processes, and corporate communication activities.
    2. Risk management, transaction security, customer transaction, legal transaction, visual and audio recordings, contact, location, financial, and marketing data are processed to analyze, plan, and implement business activities, establish and manage IT infrastructure, and plan and execute logistics and production activities.
    3. Legal transaction, risk management, and transaction security data are processed to prevent fraudulent activities, ensure compliance with regulations, and adhere to ethical/compliance rules.
    4. Contact, risk management, financial, customer transaction, visual and audio recordings, location, marketing, and transaction security data are processed to manage relationships with business partners and suppliers and to develop business strategies.

3. Method and Legal Basis for Collecting Personal Data

Your personal data is collected by hop through various channels, including the company’s mobile application, website, email, relevant digital platforms, social media accounts you access, call centers, and physically via mail/courier.

Your personal data may be processed for the purposes outlined in Articles 1 and 2 of this Disclosure Text based on the following legal grounds provided under Article 5 of the Law on the Protection of Personal Data No. 6698:

  • Explicitly provided for by law.
  • Necessary for the establishment or performance of a contract directly related to the services provided to you.
  • Required to fulfill our legal obligations.
  • Publicly disclosed by you (to the extent consistent with the purpose of disclosure).
  • Necessary for the establishment, exercise, or protection of a legal right.
  • Necessary for our legitimate interests, provided that it does not harm your fundamental rights and freedoms.
4. Parties to Whom Personal Data May Be Transferred and Purpose of Transfer

The personal data collected by hop may be shared, in accordance with the purposes detailed in Article 2 of this Disclosure Text and based on the legal grounds specified in Article 5 of the Law, under Article 8 of the Law on the Protection of Personal Data, with our domestic affiliates, investors, shareholders, business partners, legally authorized public institutions, and private entities.

Additionally, for the purposes specified in Article 2 and limited to these purposes, your personal data may be transferred under Article 9 of the Law to our foreign affiliates, investors, shareholders, business partners, and service providers. This transfer will be conducted under standard agreements signed with foreign data recipients, and necessary measures will be taken to ensure the security of your personal data during this process.

5. Your Rights Regarding Your Personal Data

Under Article 11 of the Law on the Protection of Personal Data (KVKK), you are granted the following rights concerning your personal data:

As a data subject whose personal data is processed, you have the right to:

  1. Learn whether your personal data has been processed,
  2. Request information if your personal data has been processed,
  3. Learn the purpose of processing your personal data and whether it has been used in line with that purpose,
  4. Know the third parties to whom your personal data has been transferred, either domestically or abroad,
  5. Request the correction of incomplete or inaccurate personal data,
  6. Request the deletion or destruction of your personal data under the conditions set forth in the KVKK,
  7. Request notification of the actions taken under items (e) and (f) to third parties to whom your personal data has been transferred,
  8. Object to any outcome against you resulting from the analysis of your personal data exclusively through automated systems,
  9. Request compensation if you suffer damage due to the unlawful processing of your personal data.

You can exercise these rights as outlined in the relevant legal framework.

How Can You Exercise Your Rights?

As a personal data owner, you can submit your requests regarding your rights by contacting the Company via email at [email protected] or by preparing a physical request and sending it via mail/courier to the following address:

Erler Mah. Dumlupınar Bul. No: 348 İç Kapı No: 53 Etimesgut / Ankara

Requests that do not meet the conditions specified in the relevant legislation by the Personal Data Protection Authority and in the "Communique on the Principles and Procedures for Application to the Data Controller" published on March 10, 2018, in the Official Gazette No. 30356, will not be processed unless the missing information is provided.

If your application meets the requirements and is submitted through one of the above methods, your request will be evaluated within 30 days as stipulated under Article 13/2 of the Law on the Protection of Personal Data (KVKK), and you will be informed of the outcome. If your request is accepted, the necessary actions will be promptly taken by the data controller, the Company.

Requests are generally handled free of charge. However, if the fulfillment of your request incurs a cost, the Company may charge a fee as stipulated in Article 7 of the "Communique on the Principles and Procedures for Application to the Data Controller":

  • No fee will be charged for responses up to 10 pages.
  • For responses exceeding 10 pages, a fee of 1 TL per additional page may be charged.
  • If the response is provided on a physical medium (such as CD or flash drive), the fee will not exceed the cost of the medium.

Hop reserves the right to unilaterally update this Disclosure Text when necessary due to business needs or legal requirements.