1Introduction
This notice has been prepared to inform you about the processing of your personal data by Sosyalin ("Company", "we", "us").
Sosyalin is a company established under English law and is subject to the provisions of UK GDPR (UK General Data Protection Regulation) and the Data Protection Act 2018. This legislation is aligned with the EU GDPR and provides the highest international standards for the protection of personal data.
For our users in Turkey, you may also exercise rights similar to your rights under the Law on the Protection of Personal Data (KVKK) No. 6698 under UK GDPR.
2Data Controller
The data controller responsible for the processing of your personal data (Data Controller):
3Processed Personal Data
We process the following personal data in order to provide our services:
| Data Category | Data | Processing Purpose |
|---|---|---|
| Identity Information | Name, surname, username | Account creation and management |
| Contact Information | Email address | Communication and information |
| Transaction Information | Order history, payment references | Service provision and billing |
| Digital Identity | Social media profile links | Service delivery |
| Technical Data | IP address, browser information, device information | Security and platform improvement |
| Usage Data | Page views, session durations | Platform analysis and improvement |
Important: We never collect or process your social media account passwords. No account password is required for our services.
4Processing Purposes
Your personal data is processed for the following purposes:
- To provide our services and process your orders
- To create and manage your account
- To provide customer support and respond to your requests
- To process payments and for billing
- To improve and personalise our platform
- To take security measures and prevent fraud
- To fulfil our legal obligations
- To communicate with you (service notifications, updates)
- To conduct marketing communication with your explicit consent
5Legal Basis
Under UK GDPR, we process your personal data on the following legal bases:
Performance of Contract (Article 6(1)(b))
Data processing activities necessary for the performance of the service contract between us.
Legitimate Interest (Article 6(1)(f))
Our legitimate interests such as platform security, fraud prevention, service improvement.
Legal Obligation (Article 6(1)(c))
Fulfilment of tax, accounting and other legal requirements.
Explicit Consent (Article 6(1)(a))
Your explicit consent for marketing communication and optional cookies.
6Data Transfer
6.1. Domestic Transfer
Your personal data may be shared with our service providers in the United Kingdom to the extent necessary for service provision.
6.2. International Transfer
Your data may be transferred to countries outside the United Kingdom. In such cases:
- Transfer is made to countries with UK adequacy decisions
- Standard Contractual Clauses (SCCs) are used for countries without adequacy decisions
- Additional security measures (encryption, access control) are applied
6.3. Parties to Whom Transfer is Made
- Payment processors (for secure payment)
- Hosting and infrastructure providers
- Customer support tools
- Analytics service providers
- Competent authorities in case of legal obligation
7Retention Period
Your personal data is retained for the period required by the processing purpose:
- Account Information: While account is active + 2 years
- Order Records: 7 years (legal requirement)
- Contact Records: 3 years
- Analytics Data: 26 months (anonymised)
Data whose retention period has expired is destroyed or anonymised by secure methods.
8Your Rights
Under UK GDPR you have the following rights. These rights largely overlap with the rights under KVKK for users in Turkey:
Right to Be Informed
To learn whether your personal data is being processed and the purpose of processing
Right of Access
To access your processed personal data and to request a copy thereof
Right to Rectification
To request the correction of your personal data that is incomplete or incorrectly processed
Right to Erasure
To request the erasure of your personal data under certain conditions
Restriction of Processing
To request the restriction of personal data processing in certain circumstances
Data Portability
To receive your data in a structured, commonly used format
Right to Object
To object to processing based on legitimate interest or for marketing purposes
Automated Decision-Making
Not to be subject to decisions based solely on automated processing
9Application Methods
You may apply through the following methods to exercise the rights set out above:
Email: destek@sosyalin.com
Application Process
- Your application is assessed and responded to within 30 days
- This period may be extended to up to 60 days for complex requests (with notification)
- Additional information may be requested for identity verification
- Exercising your rights is free (except for manifestly unfounded or excessive requests)
10Contact
For your questions or requests regarding the processing of your personal data:
Email: destek@sosyalin.com
Right to Complain
If you are not satisfied with our data processing practices, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the United Kingdom.
ICO: ico.org.uk | Phone: +1 208-538-3216