We have compiled below the answers to all the questions we think you may be curious about. For any questions not covered here, you can contact us via the contact form.
As Lidio Payment Services Joint Stock Company (“Lidio”), we process your personal data during the provision of payment services. Lidio carries out these personal data processing activities in accordance with the provisions of the Personal Data Protection Law No. 6698, Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, and related legal regulations.
Your personal data is collected lawfully, processed in a manner that is relevant, limited, and proportionate to the legal grounds and data processing purposes set out below, and transferred only to the extent limited to the purpose of transfer. Within the scope of general principles, your personal data is processed fairly, accurately and up to date, for specific, explicit, and legitimate purposes, and is stored with utmost care for information security measures.
The purposes for which your personal data is processed by Lidio, the legal grounds relied upon, and the purposes of transfer are set out below.
| Personal Data | Purpose of Data Processing | Legal Basis | Transfer Status and Purpose |
|---|---|---|---|
|
|
Being directly related to the establishment and performance of a contract | No transfer is made |
|
Conducting customer onboarding processes with the merchant | Being directly related to the establishment and performance of a contract | No transfer is made |
|
Identity verification during customer onboarding processes | Explicitly stipulated by law |
|
|
Verification of the mobile phone number | Explicitly stipulated by law | Outsourced service provider (outsourcing for mobile phone verification) |
|
Performing required verification procedures during identity verification | Explicit consent | Outsourced service provider (outsourcing for identity verification) |
|
Registration in the Merchant Registration System | Explicitly stipulated by law | Interbank Card Center A.Ş. (creation of the merchant registration system) |
|
Creation of a user account in the merchant panel | Being directly related to the establishment and performance of a contract | No transfer is made |
|
Filing suspicious transaction reports | Explicitly stipulated by law | Financial Crimes Investigation Board |
|
Fulfillment of requests from official institutions and organizations | Explicitly stipulated by law |
|
|
Creating audit trails and maintaining log records | Explicitly stipulated by law | Outsourced service provider (outsourcing for information systems) |
|
Creation of the merchant current account record | Being directly related to the establishment and performance of a contract |
|
|
Execution of fee invoicing and collection processes | Fulfillment of legal obligation | Outsourced service provider (procurement of accounting software services) |
|
Execution of chargeback processes | Explicitly stipulated by law | Partner banks and payment institutions |
|
Carrying out communication activities | Being directly related to the establishment and performance of a contract | No transfer is made |
|
Execution of call center processes |
|
Outsourced service provider (procurement of call center services) |
|
Sending commercial electronic messages | Explicit consent | Outsourced service provider (procurement of email infrastructure services) |
Within the scope of the remote identity verification process, facial data constituting biometric data may be processed. Such data is processed for the purpose of fulfilling the obligations imposed on us under Law No. 5549 on the Prevention of Laundering Proceeds of Crime and the relevant legislation. Facial data is obtained in accordance with the principles set forth in the Communiqué on the Procedures and Principles Regarding the Remote Identity Verification Process (Serial No: 19) and is used solely for the purpose of carrying out identity verification processes. Records relating to identity verification, including biometric data, are retained for eight (8) years from the date of the last transaction in accordance with the relevant legislation. Facial data may be processed by the outsourced service provider from whom remote identity verification services are obtained, solely for the purpose of performing the identity verification service within the scope of the controller-processor relationship. Such service providers are obliged to take the necessary technical and administrative measures within the scope of data security, confidentiality, and compliance obligations.
| Personal Data | Purpose of Data Processing | Legal Basis | Transfer Status and Purpose |
|---|---|---|---|
|
Identity Information (Name-Surname) Contact Information (Email, Phone Number) Other Information (Message Content of the Contact Form Owner) |
Receiving and responding to contact form requests through the completion of the contact form on the Lidio website | Explicit consent | No transfer is made |
| Personal Data | Purpose of Data Processing | Legal Basis | Transfer Status and Purpose |
|---|---|---|---|
|
Carrying out fraud prevention processes in payment transactions | Legitimate interest | No transfer is made |
|
Filing suspicious transaction reports | Explicitly stipulated by law | Financial Crimes Investigation Board |
|
Fulfillment of requests from official institutions and organizations | Explicitly stipulated by law |
|
|
Execution of chargeback processes | Explicitly stipulated by law | Partner banks and payment institutions |
Within the scope of the data processing purposes listed above, Lidio transfers your personal data it has obtained, provided that it complies with the conditions set forth in Articles 8 and 9 of the Personal Data Protection Law No. 6698 and takes the necessary security measures, limited to the purposes specified in the table above.
Your personal data is collected in physical and electronic environments and processed in line with the purposes listed above.
As the personal data owner, you may at any time exercise your rights specified in Article 11 of the Law by applying to Lidio, the Data Controller.
In order to exercise your relevant rights, you may submit a wet-signed petition clearly stating which rights you wish to exercise, or the form below, together with documents identifying your identity in line with the information contained in the form. Lidio will respond to written applications from the data subject containing the above requests within 30 (thirty) days.
If you are acting on behalf of another person in the matter you request, you must be specifically authorized in this regard and your authority must be documented; the application must include identity and address information, and documents verifying your identity must be attached to the application.
Within the scope of the Personal Data Protection Law No. 6698 (“Law”), it is regulated that natural persons whose personal data is processed (“Relevant Person”) may exercise certain rights listed in Article 11 of the Law by applying to the Data Controller, Lidio Payment Services Joint Stock Company (“Company”). The rights that the Relevant Person may exercise by applying to the Data Controller are also included in the ………. Information Notice at ……. address.
Within the scope of the Communiqué on the Principles and Procedures for Application to the Data Controller (“Communiqué”), the procedure for applications to be made by Relevant Persons to the Data Controller has been determined, and applications made outside these procedures, which will also be explained below, cannot be evaluated by Lidio Payment Services Joint Stock Company in order to act in compliance with the legislation and personal data security.
The contact information to be used for these application methods is as follows.
| Notary public or registered mail with return receipt | It may be sent to the Data Controller’s legal address, “Maslak Mahallesi Dereboyu Cad. Meydan Sok. Beybi Giz Plaza No:1, Floor:25 No:95 34485. Sarıyer / ISTANBUL” with the statement “Request for Information Regarding Personal Data Processing” or a similar explanation. |
| Application by email | An email should be sent to [email protected] with the statement “Request for Information Regarding Personal Data Processing” or a similar explanation, through your email address registered in the Data Controller’s system. |
| Application with secure electronic signature or mobile signature | Documents signed with your secure electronic signature or mobile signature should be sent by email to [email protected] with the statement “Request for Information Regarding Personal Data Processing”. |
Applications submitted to the Data Controller will be responded to within 30 (Thirty) days in accordance with Article 13, Paragraph 2 of the Law and according to the method you used in the application. In order for your application to be duly evaluated by the Data Controller, for the necessary investigation to be carried out, and for an appropriate response to be given to the Relevant Person, the information or documents requested below or any additional information or documents that may be requested after the application must be submitted to the Data Controller completely. The Relevant Person acknowledges that all responsibility belongs to them if the Data Controller is unable to conduct the necessary investigation due to incomplete or incorrect information or documents provided. If the Data Controller requests the correct version of information determined to be incomplete or incorrect in the Application Form or requests additional information, the 30 (Thirty) day period specified in Article 13 of the Law will stop and will begin to run again from where it left off following the submission of the additional information or documents to the Data Controller.
The Relevant Person accepts and undertakes that all information and documents submitted to the Data Controller through the Relevant Person Application Form or subsequently are accurate and contain no falsehoods. The Relevant Person accepts that, for the purposes of evaluating the Application Form and conducting the subsequent process, they expressly consent to the processing of their personal data by the Data Controller and, when necessary, to its transfer to third parties.
| Name-Surname | |
|---|---|
| Turkish ID No | |
| Phone | |
| Physical Address |
a) If you believe that you fall under one of the types given in the table below, please mark the relevant box in this section and briefly summarize the nature of your relationship with the Data Controller in the area below the relevant section.
| Employee |
Natural Person Merchant / Legal Entity Merchant |
Other |
b) If you think that you fall within a scope that does not comply with the relationship definitions above, please provide the necessary explanation in this section.
Please write your detailed explanations and explicit request below regarding which right under Article 11 of the Law you wish to exercise.
I declare that the information I have provided above is accurate and complete, and I request that my application be taken under review.
| Name – Surname | : |
| Date | : |
| Signature | : |