Logo ZADAX.NET
Store Library Hive Blog Contact
Become a Developer
Login Sign Up
Return to Home

PRIVACY POLICY

Version 0.1 • Last Update: 23 February 2026

ZADAX STORE PRIVACY POLICY

Last Updated: 23.02.26

At Zadax Store (“Platform”), we value the privacy of our users. This Privacy Policy explains how personal data is collected, processed, shared, and protected within the scope of KVKK in Turkey and GDPR in Europe. By using the Platform, you are deemed to have accepted this Policy.

1. INTRODUCTION

As the Data Controller, Zadax Store (“Platform”) shows maximum sensitivity to the security of your personal data. In accordance with the Personal Data Protection Law No. 6698 (“KVKK”) and the European Union General Data Protection Regulation (“GDPR”), we process your data within the framework explained below.

2. DEFINITIONS

To ensure legal clarity:

  • Personal Data: Refers to any information relating to an identified or identifiable natural person (Name, e-mail, IP address, etc.).
  • Data Subject: Refers to the Platform user (Buyer or Seller) whose data is processed.
  • Data Processing: Refers to any operation performed on data such as obtaining, recording, storing, updating, or transferring it to third parties.
  • The Board: Refers to the Personal Data Protection Board.

3. COLLECTED DATA AND METHOD OF COLLECTION

The Platform collects the following data categories through automated or non-automated methods to provide services and improve user experience:

  • 3.1 Identity and Contact Information: Name, surname, e-mail address, and username. Phone number information may be requested in the future for service security or verification purposes.
  • 3.2 User Profile Information (Optional): Profession, software of interest, programs used, and location/address information declared by the user in their profile.
  • 3.3 Interaction and Content Data: Comments, ratings, idea shares on the Hive, blog posts, and support requests. Some of this data is, by nature, viewable by other users.
  • 3.4 Technical and Meta Data: IP address, device type, browser information, and approximate location data (country/city level) provided via network security services like Cloudflare.
  • 3.5 Usage Data: In-platform navigation history, click data, download logs, and transaction dates.
  • 3.6 Financial Information (For Sellers): IBAN, bank account information, tax office, and tax identification number for the fulfillment of payments.

4. PURPOSES AND LEGAL GROUNDS FOR PROCESSING

Zadax processes your personal data based on the following legal grounds and purposes:

  • 4.1 Establishment and Performance of a Contract (KVKK Art. 5/2-c): Management of user accounts, product publishing, and licensing processes.
  • 4.2 Legitimate Interests of the Data Controller (KVKK Art. 5/2-f): Shaping sales and marketing policies through user trend analysis; statistical analysis, data mining, and algorithmic modeling for Platform optimization; and improving the in-platform experience through personalized algorithms.
  • 4.3 Fulfillment of Legal Obligations (KVKK Art. 5/2-ç): Keeping traffic logs and storing financial/tax records for legal periods.
  • 4.4 Explicit Consent (KVKK Art. 5/1): Sending advertisements, campaigns, and special offers via e-mail or notifications upon user approval.

5. DATA RETENTION PERIODS

Zadax retains your personal data for the periods required by processing purposes and the statutes of limitations provided in legal legislation:

  • 5.1 Account and Profile Information: Retained as long as your membership is active. Upon account closure, it is archived as passive data for 10 years for evidence in potential legal disputes.
  • 5.2 Traffic and Log Records: Pursuant to Law No. 5651, access and traffic records must be stored for at least 2 years.
  • 5.3 Commercial and Financial Records: Data regarding sales, invoices, and payment records of Sellers are stored for 10 years in accordance with the Turkish Commercial Code and Tax Procedure Law.
  • 5.4 Marketing Consents: Retained until you withdraw your consent (unsubscribe). Upon withdrawal, records are kept for 3 years for proof purposes.
  • 5.5 Content and Interaction Data: Comments, Hive ideas, and blog posts may continue to be stored anonymously or with a username for the life of the Platform to maintain Platform integrity.
  • 5.6 Data Destruction: Upon expiration of retention periods, Zadax deletes, destroys, or anonymizes the data through periodic destruction processes.

6. USER (DATA SUBJECT) RIGHTS

Under KVKK Article 11 and GDPR, you have the following rights regarding your data processed by Zadax:

  • 6.1 Scope of Your Rights:
    • Information: Learning whether your data is processed and requesting detailed information.
    • Rectification: Requesting the correction of incomplete or incorrect data.
    • Erasure (Right to be Forgotten): Requesting erasure when processing grounds no longer exist (legal retention periods apply).
    • Objection: Objecting to results arising exclusively from analysis via automated systems (algorithms).
    • Data Portability (GDPR): Requesting the transfer of your data in a machine-readable format to you or another organization.
    • Compensation: Requesting compensation for damages incurred due to unlawful processing.
  • 6.2 Application: You may submit your requests via [E-mail Address]. Requests will be finalized free of charge within 30 days.

7. COOKIES AND TRACKING TECHNOLOGIES

Zadax uses cookies and similar technologies for technical operation, remembering preferences, analyzing traffic, and offering personalized engineering tool content. Both first-party and third-party (e.g., Google Analytics, Cloudflare) cookies are used. Non-mandatory cookies require your explicit consent via our Cookie Preference Panel. For detailed management, please review the [Zadax Cookie Policy].

8. DATA SECURITY AND INFRASTRUCTURE PROTECTION

  • 8.1 Measures: Zadax implements industry-standard technical and administrative measures such as SSL encryption, firewalls, access restrictions, and regular audits.
  • 8.2 Infrastructure: Data is stored on Zadax’s own servers or high-security data centers of professional providers (AWS, Google Cloud, DigitalOcean, etc.) compliant with standards like ISO 27001 or SOC 2.
  • 8.3 Limitation of Liability: While Zadax makes every effort, it cannot be held responsible (absent gross negligence) for data access issues or losses arising from infrastructure failures of cloud providers, unpredictable cyberattacks (DDoS, zero-day), or force majeure events.
  • 8.4 User Responsibility: The User is responsible for keeping their password confidential. Zadax is not responsible for leaks arising from security vulnerabilities on the user's device or the compromise of their password.

9. DATA TRANSFER (DOMESTIC AND INTERNATIONAL)

Data is shared on a "need-to-know" basis for the purposes in Article 3:

  • 9.1 Domestic: With partners, hosting/support providers, legal/tax consultants, and authorized public institutions (BTK, Revenue Administration, Courts, etc.).
  • 9.2 International Financial Transfers: Identity and account details may be shared with international payment providers and financial institutions for cross-border payments and AML/KYC compliance.
  • 9.3 International Technical Services: Technical data (IP, logs) may be transferred cross-border as providers like Cloudflare or AWS have servers abroad.
  • 9.4 Legal Safeguards: Transfers are performed with the "minimum data" set, provided there is adequate protection or Standard Contractual Clauses (SCC) are signed.
  • 9.5 Anonymized Data: General sales trends and engineering category statistics may be shared with third parties for commercial analysis.

10. CHILDREN’S PRIVACY (AGE LIMIT 18)

Zadax Store is not designed for individuals under 18. We do not knowingly collect or process data from children. If a parent notices a child has provided data, contact [E-mail Address] for immediate account closure and data deletion (subject to legal retention for financial records).

11. AMENDMENTS AND UPDATES

Zadax may unilaterally update this Policy for legal, technical, or service model reasons. Updates are effective upon publication, and the "Last Updated Date" confirms the version. Significant changes will be announced via in-platform notifications or e-mail. Continued use signifies acceptance of the updated Policy.

12. DATA CONTROLLER INFORMATION AND CONTACT

The status of "Data Controller" for data collected through the Platform belongs to [Company Title / Name Surname], resident at Ankara/Turkey.

  • E-mail: [E-mail Address] 
  • Address: Turkey / Ankara 
  • Support: Via the "Support" or "Contact" form on the Platform. Applications must include name, signature (for written), ID/Passport number, address, and the subject of the request.

13. GENERAL PROVISIONS

  • 13.1 Language: The original language is Turkish. Translations are for guidance only; the Turkish text prevails in case of conflict.
  • 13.2 Governing Law: Republic of Turkey laws apply. Ankara (Central) Courts and Execution Offices are exclusively authorized.
  • 13.3 Severability: If any provision is found invalid, the remaining provisions remain in full force.
  • 13.4 Evidence Agreement: System records, logs, and e-mail correspondences constitute definitive and exclusive evidence.
  • 13.5 Entirety: This Policy supersedes all previous agreements regarding data privacy between Zadax and the User.

 

If you have questions about this document, please contact our support team.

v2026.06.02.0938