Privacy Policy
1. Who we are
Bumasan Teknoloji A.Ş. is the data controller for personal data collected through bumasan.com and associated apps. This policy explains what data we collect, why, how we use it, and your rights.
2. Data we collect
Account and identity data
- Name, email, phone, and hashed password
- Company name, registration number, country, and address
- Identity documents uploaded during verification (stored encrypted)
Transaction data
- RFQ details, quotes, order values, and payment terms
- Escrow transaction records and release confirmations
- Shipping documents, invoices, and certificates in the vault
Usage and technical data
- IP address, browser type, device, and operating system
- Pages visited, search queries, and time on platform
- Cookies and session identifiers (see our Cookie Policy)
3. How we use your data
- Contract performance: To operate your account, process escrow, and deliver our services
- Legal obligation: To comply with KYC/AML, Turkish law, and GDPR
- Legitimate interest: To prevent fraud, improve security, and send service communications
- Consent: To send marketing emails (withdrawable at any time)
4. Data sharing
Bumasan does not sell personal data. We share data only with: platform parties (buyer info shared with manufacturers on RFQ), GDPR-compliant service providers (Supabase, Cloudinary, SendGrid, Algolia), and law enforcement when required by law.
5. Data retention
Account data is retained while the account is active. Transaction records are retained for 7 years (Turkish accounting law). On account deletion, personal data is deleted within 30 days except where retention is legally required.
6. Your rights
Under GDPR (EU) and KVKK (Turkey) you have the right to: access, correct, delete, port, and object to processing of your data. Contact privacy@bumasan.com. If unsatisfied, file a complaint with your national DPA.