• 0

    EVA & LUNA


    PERSONAL DATA PROTECTION POLICY




    Eva Software Teknoloji Tic. Ltd. Şti. (“Company”) operates the Eva & Luna website and mobile applications (“Service”). As part of our commitment to protecting fundamental rights and freedoms, we attach great importance to the privacy and protection of personal data of our Users (“Data Subjects”).


    This Personal Data Protection Policy (“Policy”) has been prepared in accordance with Law No. 6698 on the Protection of Personal Data (KVKK) and applicable legislation. Its purpose is to explain how personal data is collected, processed, stored, protected, and transferred, as well as to inform Data Subjects of their rights.

    1. Scope


    This Policy applies to:

    • All users who visit or register on www.evaandluna.com or use the Eva & Luna mobile applications,

    • All personal data obtained through digital channels (website, mobile app, social media, e-mail, call center, etc.),

    • All processing activities carried out by the Company regarding personal data.

    2. Principles of Personal Data Processing


    Personal data is processed in accordance with the following principles under KVKK Article 4:

    • Lawfulness and fairness,

    • Accuracy and being kept up to date where necessary,

    • Processing for specific, explicit, and legitimate purposes,

    • Being relevant, limited, and proportionate to the purposes,

    • Being stored for the period required by legislation or for the purpose for which it is processed.

    3. Categories of Data Collected


    The Company may collect the following categories of personal data depending on the interaction with the Service:

    • Identity Information: Name, surname, date of birth, national ID number (if required for billing).

    • Contact Information: E-mail, phone number, address.

    • User Account Information: Username, password (encrypted), profile details.

    • Transaction Information: Order history, payment details (not stored by the Company, only processed via secure payment infrastructure).

    • Technical Data: IP address, device type, browser type, log records.

    • Marketing Data: Preferences, campaign responses, browsing behavior, cookies.

    • Location Data: Access location for mobile app or website usage.

    4. Purposes of Data Processing


    Personal data is processed for the following purposes:

    • To provide, improve, and personalize the Service,

    • To manage user accounts and membership processes,

    • To execute orders, payments, and deliveries,

    • To communicate with users regarding services, campaigns, and updates,

    • To manage requests, complaints, and customer support,

    • To carry out marketing and promotional activities (subject to explicit consent),

    • To ensure legal compliance and respond to official authority requests,

    • To maintain system and transaction security.

    5. Transfer of Personal Data


    Personal data may be transferred:

    • To service providers (hosting, logistics, payment, marketing, analytics),

    • To business partners (with user consent for campaigns and promotions),

    • To affiliates and subsidiaries,

    • To public authorities, when legally required,

    • To contracted courier companies for delivery purposes.


    Personal data may also be stored on servers located in Turkey or abroad, provided that adequate data protection safeguards are in place.

    6. Storage Periods


    Personal data is retained only for the period necessary for the purposes described in this Policy, or as required by law. At the end of this period, data is securely deleted, destroyed, or anonymized.

    7. Rights of Data Subjects


    In accordance with KVKK Article 11, Data Subjects have the right to:

    • Learn whether their personal data is processed,

    • Request information regarding processing,

    • Learn the purpose of processing and whether it is used accordingly,

    • Request correction of incomplete or inaccurate data,

    • Request deletion or destruction of personal data,

    • Request notification of corrections/deletions to third parties to whom data has been transferred,

    • Object to the occurrence of results against them through analysis by automated systems,

    • Request compensation for damages in case of unlawful processing.


    Applications regarding these rights can be made by filling out the Data Subject Application Form available on our website and sending it via the methods indicated.

    8. Data Security Measures


    The Company takes all necessary technical and administrative measures to:

    • Prevent unlawful access to personal data,

    • Ensure secure storage and protection of data,

    • Detect unauthorized access attempts,

    • Provide regular training to staff handling personal data.


    In the event of unauthorized access or a data breach, the Company will immediately notify the relevant Data Subjects and the Personal Data Protection Authority (KVKK Board).

    9. Use of Cookies


    The Site uses cookies to improve user experience and analyze usage.

    For details, please see our Cookie Policy.

    10. Updates to the Policy


    The Company reserves the right to amend this Policy at any time. Updated versions will be published on the website and become effective immediately.

    11. Contact Information


    For any questions or requests regarding this Policy:

    • Company: Eva Software Teknoloji Tic. Ltd. Şti.

    • Address: Yakuplu Mah. Hürriyet Bulvarı Skyport Residence No:1, Unit:64, Beylikdüzü / Istanbul

    • E-mail: [email protected]