Privacy Policy

1. Introduction

Bilira Teknoloji Anonim Şirketi (hereinafter also “our Company”, “BiLira”, “we” and “us”) recognizes the importance of protecting the privacy of your personal data.

This Privacy Policy aims to explain how we collect, use, store, share, dispose of and protect your personal data in accordance with the Turkish Personal Data Protection Law (“KVKK”) and the General Data Protection Regulation (EU) 2016/679 (“GDPR”), when you access our platforms bearing BiLira owned and/or operated by us or whenever we otherwise connect with you.

You can feel safe while using our website. However, please remember that no system is entirely secure. Even if we take all necessary steps to protect your data, there is always the possibility of being out of security. For this reason, please be very careful with your personal data. We strongly advise you not to share your voice, photos, or other personally identifiable information through email, message, or any other communication channel unless expressly requested by us.

LAST UPDATED: 25 February 2024

  1. Cookies

We use cookies and similar tracking technologies to track the activity on our website and hold certain information.

Cookies are technical communication files with a small amount of data. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies such as beacons, tags and scripts are also used to collect and track information and to improve and analyze our services.

We mainly use cookies to obtain statistical information about the number of visitors, visit purpose, and duration of visit and dynamically generate advertisements and content from user pages. The technical communication file is not designed to receive any other personal data from the main memory.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our services.

For more detailed information, please check our Cookie Policy.

  1. Data Controller

Bilira Teknoloji Anonim Şirketi registered at Esentepe Mah. Kore Şehitleri Cad. İstanbloom No:16/1 - BB:33 Şişli / İstanbul with Mersis Number 0175077334400001 is the data controller. Please find our contact information below:

  • Postal address: Esentepe Mah. Kore Şehitleri Cad. İstanbloom No:16/1 - BB:33 Şişli / İstanbul
  • For privacy-related communications:
  • For all other communications:
  1. Use of Your Personal Data and Our Legal Bases
  1. For Registration and Know-Your-Customer process:
  • Identity information, including name, surname, Turkish identity number for Turkish citizens, foreign identity number for foreign nationals, wallet serial no. and wallet number, mother’s name, father’s name, date and place of birth, gender, nationality;
  • Contact information, including phone number, fax number, e-mail address, residential address, postal code, province, and district;
  • Professional experience information including occupation, education status and working industry;
  • Account information, including username, password, account settings and commercial electronic communication preferences;
  • Identity verification information, including images of your government-issued ID, passport, national ID card or driving license, proof of residence or other identification documents deemed appropriate by government authorities, biometric selfie, proof of residence, the invoice of a subscribed service (e.g., electricity, water, natural gas, telephone services etc.);
  • Suitability test information, including planned investment period and amount, risk and return preferences and source of investment.

a.1. Purpose of Processing:

  • to process your subscription and create your account;
  • to verify your identity and inform the public authorities and institutions in accordance with applicable know-your-customer, anti-money laundering, counter-terrorism financing regulations and our User Agreement and other legislations to which we are subject;
  • to develop, comply and undertake the purchase contract for the products, items or services you have purchased or of any other contract with us through the service and perform our contractual responsibilities;
  • to provide our services and process your transactions on our platforms;
  • to provide and maintain our product and services;
  • to conduct marketing activities and marketing analysis;
  • to send commercial electronic messages, bulletins, newsletters and other messages to you;
  • to contact you via email, phone call, SMS, or other equivalent forms of electronic communication;
  • to track advertising tailored to your interests on the services and other websites;
  • to fulfill our commercial and legal obligations arising from the nature of our services.

a.2 Legal Basis:

We collect and process your personal data on the following bases, which are stated in Articles 5 and 6 of the KVKK and Articles 6 and 9 of the GDPR:

  • You have explicitly consented to the processing of your personal data for one or more specific purposes,
  • Processing is expressly provided for by the laws,
  • Processing is necessary for the establishment or performance of a contract,
  • Processing is necessary for compliance with a legal obligation to which we are subject,
  • Processing is necessary to establish, exercise or defend legal claims.
  1. Transaction Information:
  • Location information, including the location of the transaction;
  • Customer transaction information, including your communication history with us and your;
  • Financial information, including payment card information, bank account number, IBAN, receipt information, monthly income, salary and source of funds;
  • Transaction security information, including IP address, device type, operating system and browser information.

b.1. Purpose of Processing:

  • to carry out all transactions, including deposits, withdraw any other transactions you can make on the platform;
  • to create reports on daily/monthly user transaction amounts;
  • to conduct financial verifications regarding user transactions;
  • to prevent any third party other than our users from unfairly benefiting from our services;
  • to ensure the security of our users’ accounts;
  • to establish, exercise or defense the rights of our Company, our users or other third parties regarding a current or potential legal dispute;
  • to fulfill our commercial and legal obligations arising from the nature of the services provided by Our Company.

b.2 Legal Basis:

We collect and process your personal data on the following bases, which are stated in Article 5 of the KVKK and Article 6 of the GDPR:

  • Processing is expressly provided for by the laws;
  • Processing is necessary for the establishment or performance of a contract; and
  • Processing is necessary for compliance with a legal obligation to which we are subject.
  1. Compliant & Service Request Information: Your requests, complaints or recommendations.

c.1 Purpose of Processing:

  • to provide and improve our website;
  • to enhance a better user experience by tailoring our services;
  • to review your questions, recommendations and opinions and respond to your customer service requests and support needs;
  • to ensure the coordination between the units of our Company for the continuity of our services.

c.2 Legal Basis:

We collect and process your personal data for our legitimate interests, as stated in Article 5 of the KVKK and Article 6 of the GDPR, always provided that such interests are not overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

  1. Data Collected Through Cookies: Please check our Cookie Policy.  

d.1 Purpose of Processing: Please check our Cookie Policy.  

d.2 Legal Basis:

We collect and process your personal data on the following bases, which are stated in Article 5 of the KVKK and Article 6 of the GDPR:

  • Processing is expressly provided for by the laws;
  • Processing is necessary for the establishment or performance of a contract; and
  • Processing is necessary for compliance with a legal obligation to which we are subject.

IMPORTANT NOTE: You agree that your personal data provided to us is complete, accurate, and up-to-date, and you will update them as soon as possible upon any change.

  1. Disclosure of Your Personal Data

We may disclose your personal data to the following third parties for the purposes mentioned in Section 4:

  • Our hosting service provider suppliers for securely storing your data;
  • Our business partners and solution partners for enhancing a better user experience as specified in Section 4;
  • Our servers and cloud computing providers located abroad that we receive information technology support for archiving and storage;
  • Public authorities, legally authorized persons and institutions, regulators, and government officials to meet our legal and regulatory requirements or to protect or defend our rights or property under applicable laws.

For compliance with the GDPR, we ensure our suppliers and business partners, whether located outside the EEA or not, take appropriate technical and organizational security measures in accordance with applicable data protection laws and use it solely for the purposes specified by us.

Unless otherwise stipulated in the KVKK, third parties with whom we share your personal data are obliged to protect your personal data and are limited for the purpose of sharing and are under the control of BiLira.

  1. Retention and Security of Your Personal Data

We take all the necessary measures to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your personal data will take place to an organization or a country unless stated in this Privacy Policy and there are adequate controls in place including the security of your data and other personal information.

We will retain your personal data only for as long as they are necessary for the purposes set out in this Privacy Policy. If we no longer have a legal basis or a purpose for processing your personal data, we will delete, destroy or anonymize such personal data.

6.1 Technical Measures

  • We carry out systematic, regulated, planned, manageable, sustainable and recorded activities that are accepted by the management and based on global security standards within the scope of the Information Security Management System to ensure confidentiality, integrity, and availability of information.
  • We take measures to ensure cyber security, including but not limited to firewall and gateway measures; preventing employees from accessing threatening websites or online services; deleting unused software and services from computers; ensuring that software and hardware are up-to-date against security vulnerabilities.
  • We take measures to monitor personal data security, including checking software and services running in our information networks and determining infiltrations or non-infiltrations in them; keeping log records of all our users; preventing unlawful copying of data by third parties during maintenance and repair of any device on which the data is processed.
  • We take measures to ensure the security of environments containing personal data, such as identifying, preventing and minimizing risks such as theft, loss, or damage of the devices or printed documents where personal data are stored.
  • We take measures for personal data stored in the cloud, such as controlling data security measures of cloud storage systems and providers; encrypting personal data with cryptographic methods when disclosing to these systems and service providers; restricting and controlling access to these systems and service providers.
  • We take measures to ensure the security of supply, development and maintenance of information technology systems, such as establishing control mechanisms within the applications to control data entry and preventing its corruption; preventing data loss; avoiding sending data-storing parts or taking necessary measures when the devices are sent to third parties due to hardware errors.
  • We make access restrictions in environments in our Company’s buildings, such as archive rooms where personal data is kept and take security measures for electronic devices containing personal data.

6.2 Organizational Measures

To protect your personal data, we provide awareness training to our employees and inform them not to disclose and use in any way any personal data to third parties against the KVKK, GDPR and applicable data privacy legislation during and after their employment.

We keep our privacy policies and notices under regular review and make sure they are up-to-date and accurate. In addition, we include special provisions in the contracts with third parties to protect your personal data, carry out periodic audits to assess the risks, and minimize the personal data we collect to what is necessary.

6.3 Notification and Communication of Personal Data Breaches

In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (“data breach”), we will notify the relevant data protection authorities and the relevant data subjects of the data breach within 72 hours after having become aware of it, if required by Article 33 of the GDPR.

  1. Reporting Security Vulnerability

If you notice any technical vulnerability, please contact us via including your contact information and name and with the details of the vulnerability and if possible, the explanations about what we need to do to identify or verify this vulnerability.

  1. Links to Third Party Sites

We may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third-party’s site. We strongly advise you to review the privacy notices of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies/notices, or practices of any third-party sites or services.

  1. Marketing

We may occasionally communicate news, updates, promotions, and information relating to our products and services. We shall only do this where you have given us your consent or otherwise where we are permitted to do so under the data protection laws in pursuit of our legitimate interests.

We may share personal data with third parties to help us with our marketing and promotional projects or send marketing communications.

If you want to opt out of receiving promotional and marketing emails, text messages, posts and other forms of communication from us (or our promotional partners), which you might receive in accordance with this section, you can choose one of the following ways:

  • Click “unsubscribe” at the bottom of an email we sent you; or
  • Contact us at and request to opt-out.

If you do opt out of receiving promotional and marketing messages, we will no longer use or transfer your personal data to third parties for direct marketing purposes. We want to remind you that we may continue to send transactional or administrative e-mails (e.g., account status and activity updates, respond to your inquiries or complaints, etc.) related to our services or your requests for information or materials, even if you opt-out.

  1. Age Limit and Collection of Children’s Personal Data

To use our services, you must be at least 18 years old. No one under 18 should provide personal data to or on the services. We will terminate or suspend the relevant user accounts without notice if the account owner or the person who performs the transaction is under 18.

We do not knowingly collect personal data from children under 18. We encourage parents and legal guardians to monitor their children's internet usage and to help enforce our Privacy Policy by instructing their children never to provide us with personal data without their permission. If you have any concerns about your child’s privacy with respect to our services, or if you believe that your child may have provided his/her personal data to us, please contact us via We ensure to delete such personal data from our records immediately.

DISCLAIMER: When processing open data from social networks, it might be reasonably impossible to recognize the real age of users. Our verification of the age of users is limited to the technically available and reasonable treatment of the information openly provided by the social networks from which we collect the data. In case of fallacious, erroneous or missing age data, the social networks shall be solely responsible for violation of requirements of the GDPR and other data protection laws in relation to the personal data of children.

  1. Your Rights

You may benefit from various rights as a "data subject".

You may, at any time, exercise any of the above rights, by contacting us via or by sending your request to Esentepe Mah. Kore Şehitleri Cad. İstanbloom No:16/1 - BB:33 Şişli / İstanbul, together with proof of your identity, i.e. a copy of your ID card, passport, or any other valid identifying document.

Please note that we may reject requests that are excessive or a misuse of the relevant right or we may not be able to give you access to your personal data that we hold, if making such a disclosure would breach our legal obligations to other data subjects or if prevented by any applicable law or regulation.

  1. If you are from Turkey:

Under Article 11 of the KVKK, you are entitled to:

  • learn whether your personal data is processed or not;
  • demand information as to if your personal data have been processed;
  • learn the purpose of the processing of your personal data and whether these personal data are used in compliance with the purpose;
  • know the third parties to whom your personal data are transferred in-country or abroad;
  • request the rectification of the incomplete or inaccurate data, if any;
  • request the erasure or destruction of your personal data under the conditions referred to in Article 7 of the KVKK;
  • request reporting of operations as the rectification of the incomplete or inaccurate data or the erasure or destruction, to the third parties to whom your personal data have been transferred;
  • object to the occurrence of a result against you, by analyzing the data processed solely through automated systems;
  • claim compensation for the damage arising from the unlawful processing of your personal data.
  1. If you are from the European Economic Area or in certain countries, you are also entitled (with some exceptions and restrictions) to:
  • Access: You have the right to request information about how we process your personal data and to obtain a copy of that personal data.
  • Rectification: You have the right to request the rectification of inaccurate personal data about you and for any incomplete personal information about you to be completed.
  • Objection: You have the right to object to the processing of your personal information, which is based on our legitimate interests.
  • Deletion: You can delete your account by using the corresponding functionality directly on the service.
  • Automated decision-making: You have the right to object to a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you.
  • Restriction: You have the right to ask us to restrict our processing of your personal data so that we no longer process that personal data until the restriction is lifted.
  • Portability: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and to have that personal data transmitted to another organization in certain circumstances.
  • Complaint: You have a right to lodge a complaint with the authorized data protection authority if you have concerns about how we process your personal data. The data protection authority you can lodge a complaint with notably may be that of your habitual residence, where you work or where we are established.
  1. Right to withdraw consent

If you have provided your consent to the collection, processing, and transfer of your personal data, you have the right to fully or partly withdraw your consent. To withdraw your consent please follow the opt-out links on any message sent to you or contact us via

Once we have received the notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

  1. Changes to our Privacy Policy

This Privacy Policy is published on our website ( and is applicable as of the Last Updated date.

We reserve the right to update and change this Privacy Policy from time to time to reflect any changes to how we process your personal data or if any legal requirements change. Any changes we may make to our Privacy Policy in the future will be posted on this page. So please check back frequently for any updates or changes to our Privacy Policy.

  1. Contact us

If you have any questions or concerns about our privacy practices, data collection or processing practices, or if you want to report any security violations to us, please get in touch with us via