BiP Privacy Notice

Publication Date: 03.06.2025

Who Are We?

The BiP application Application is provided by Turkcell İletişim Hizmetleri A.Ş. (hereinafter referred to as “BiP”, “we” or “us” throughout this document).

BiP is committed to protecting and securing your Personal Data in accordance with the Law on the Protection of Personal Data No. 6698 Law, the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, as well as other applicable legal provisions (hereinafter referred to as “Data Protection Legislation.

BiP Privacy Notice Privacy Notice outlines how information that identifies you or may make you identifiable Personal Data may be collected, used, and shared. If you have any requests or complaints regarding this Privacy Notice, please contact us via the Data Protection Officer whose contact information is provided in the “Contact Us” section below. You may also apply to your local data protection authority. Terms not defined in this Privacy Notice shall be interpreted in accordance with the definitions provided under BiP’s internal Terms of Use Terms of Use. For more information about cookies, please also review the BiP Cookie Policy.

How Is Your Personal Data Collected?

BiP collects your Personal Data depending on the products or services you use, either directly when you voluntarily provide it to us, or when information is transmitted through the Application. You can find detailed information in the sections below regarding which data is collected and for what purposes.

Which Personal Data of Yours Is Collected?

The information contained in this document may vary from person to person depending on the products and services used or their requests and consents. Below are the categories of personal data that may be processed by BiP.

  • Identity and Contact Information: Phone number, username (nickname), avatar, mobile network operator and passwords used to keep the account secure,
  • Usage Information: Technical data collected via your device using technical equipment, the type of messages sent (without collecting content)—e.g., text messages, videos, etc.—the time periods during which the app is actively used, types of services used, usage patterns regarding the application interface, the last login date, errors that occur during use and related error details, type of communication (BiP Calls, instant messages, etc.), communication status, duration, date and parties involved, and data about the people communicated with.

BiP does not collect any data related to the content of your communications through the Application.

  • Personalization Information and Surveys: Nickname, profile picture, status information, blocked numbers, and survey data obtained via the Application.
  • Location Data: If users utilize location-related features, data about their (approximate) location may be collected depending on their device settings.
  • Device Information: Device model, operating system, preferred language, the operator used by the user, and country information.
  • Backup Information: Communication data consisting of messages, photos, and videos exchanged within the Application.
  • Contacts List: Name, surname and phone numbers of third parties stored in the users' phones.

Method, Purpose, and Legal Basis for Processing Your Personal Data

Your Personal Data may be processed in accordance with the Data Protection Legislation, depending on your relationship with BiP and the specific products/services used. The processing of Personal Data may vary on a case-by-case basis.

Personal Data may be processed, either partially or entirely through automated or non-automated means, based on the legal grounds specified in Articles 5 and 6 of the Law, this Privacy Notice, Article 6 of the EU General Data Protection Regulation, or other applicable data protection legislation, in line with the legal bases and purposes listed below.

  • Cases explicitly provided for by law:

The personal data listed in this Privacy Notice may be processed in accordance with the legislation if it is explicitly required by the laws applicable to BiP.

Processed Data: Identity and Contact Information, Usage Information, Personalization Information and Surveys, Location Data, Device Information, Backup Information, Contacts List

Purposes of Processing: Fulfilling legal obligations required or mandated by regulatory and supervisory authorities; conducting legal proceedings and legal follow-up; verifying your identity when necessary; taking necessary actions to detect and prevent fraud, abuse, and loss; storing information that must be retained under applicable legislation; ensuring the consistency of your information; implementing technical and administrative measures necessary for the security of your personal data; resolving disputes, especially including user complaints and other forms of conflict resolution.

  • Processing of personal data is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract:

BiP processes your personal data to provide the BiP Application to you in accordance with the Terms of Use and our service standards.

Processed data: Identity and Contact Information, Usage Information, Personalization Information and Surveys, Location Information, Device Information, Contacts List

Purposes of Processing: Provision of the service; execution and follow-up of the processes you request in relation to the service; registration to the Application, use of the Application, creation of an account and profile, form completion, responding to error/fault reports, monitoring, development and implementation of operational activities, business development, quality measurement of the services, enabling you to contact us, execution of internal evaluations, service analysis, complaint management processes, informing you about the benefits, terms, membership, sweepstakes, competitions, rewards related to products and services, and carrying out the necessary actions for their use; allowing participation in surveys or promotions and managing these processes, business development and risk management, provision of translation services offered by Microsoft and Google (as further detailed below), and improving service quality based on error/fault reports and usage habits. During the processing of personal data under this category, no data regarding the content of communications is accessed.

Under the same legal basis, the following purposes are also included: enabling users to share their locations with each other, monitoring and managing location-based services related to the “Discover” section, optimizing the Application and its associated services for product and strategy development, and ensuring that the user’s device operates properly with the Application and its related settings.

  • Processing of personal data is necessary for BiP to fulfill its legal obligations

Processed data: Identity and Contact Information, Usage Information, Personalization Information and Surveys, Location Information, Device Information, Backup Information, Contacts List

Purposes of Processing: Detecting irregularities/fraud and unauthorized or fraudulent use; conducting audits and controls; resolving user complaints; retaining information that must be preserved under applicable legislation; copying and backing up data to prevent data loss; ensuring consistency of your information; implementing necessary technical and administrative measures for the security of your data; responding to requests from authorized public institutions, administrative authorities, and legal entities; and conducting legal proceedings.

  • Personal data made public by the data subject

Personal data such as the content you share in the “Status” section during the provision of the messaging service or within BiP Channels may be processed by BiP for the purpose of public disclosure, without being recorded or stored in BiP’s systems.

  • Processing of personal data is necessary for the establishment, exercise or defense of legal claims

Processed data: Identity and Contact Information, Usage Information, Personalization Information and Surveys, Location Information, Device Information

Purposes of Processing: Enabling the user and third parties to exercise their legal rights, particularly fundamental rights and freedoms, before authorized authorities; addressing all claims related to benefits, sweepstakes, and promotions provided by BiP or other institutions and organizations; and execution of complaint management processes.

  • Processing of personal data is necessary for the legitimate interests of Turkcell, provided that it does not violate your fundamental rights and freedoms

Processed data: Identity and Contact Information, Usage Information, Personalization Information and Surveys, Location Information, Device Information, Backup Information, Contacts List

Purpose of processing: Verifying your identity when necessary; taking measures to detect and prevent abuse, loss, or fraud; developing, diversifying, measuring, auditing, and analyzing products and services; evaluating your interest in products and services; conducting customer satisfaction research; determining/managing/identifying risk levels; ensuring the consistency of your data; implementing necessary technical and administrative measures to ensure the security of your personal data; and conducting legal proceedings and follow-up processes.

  • With your explicit consent

In accordance with the Law, for personal data processing activities that require explicit consent, you are provided with detailed information and your explicit consent is obtained separately.

If you provide specific explicit consent for the purposes listed below, your Identity and Contact Information, Usage Information, Personalization Information and Surveys, Location Information, and Device Information may be processed:

  • Promotion and direct or indirect marketing of products and services (customer campaigns, advertisements, recommendations of services and features to customers, presentation of advertisements), contacting you for such purposes, informing you about campaigns and discounts; enabling you to benefit from memberships, events, and economic advantages, and carrying out necessary procedures for their use.
  • Offering proposals, gifts, and promotions; delivering targeted marketing through analysis and profiling; presenting ads tailored to your preferences; classifying customers by location, operator, usage duration, time spent in the application, and features used; determining your usage habits; sending personalized messages such as greetings and wishes, prizes, sweepstakes, and content you liked, may want to revisit, or would appreciate being reminded of.
  • Promoting products and services offered together with our business partners and third parties, or promoting their own products and services.

Although the legal basis for the processing of Personal Data may vary depending on the products and services individuals benefit from or their requests and consents, in cases where the legal basis for processing the User’s Personal Data is their explicit consent, the user has the right to withdraw this consent at any time.

Backup Information; If you activate the “Back up BiP” option in the Settings tab of the Application, your explicit consent will be obtained and BiP may back up your data. This allows you to regain access to your previously backed-up chats, which include Backup Information, if you log in from another device.

Contacts List; If you grant the Application access to your contacts during registration via your device’s operating system, this data may be processed in order to use the messaging and calling features within the Application, block other BiP users in your contacts, or hide your status updates from them at your discretion.

In addition, with your explicit consent, your Contacts List may be processed to notify BiP users who already have your number saved in their contacts that you have started using the app. This notification will be sent on your behalf through the Application. As a current BiP user, if you do not wish to receive such notifications from newly joined users, you can disable the “Notify when a contact joins BiP” option in the Notifications section under Settings.

Purpose Limitation

Personal Data may only be processed to the extent necessary and in line with the purposes explained above. Personal Data may not be processed for purposes other than those for which it was originally collected. If it becomes necessary to process Personal Data for different purposes, BiP will assess whether the intended processing purposes are compatible with the original purposes of collection. Before processing the data for any new purpose, BiP will inform the user about this additional processing activity. BiP will not process more Personal Data than required for the intended purpose and will ensure that the data processing activities remain limited and proportionate to the stated objective.

BiP may anonymize and aggregate each piece of collected data (so that the respective users are not identifiable or made identifiable). Anonymized data may be used by BiP for purposes such as testing its information technology systems, conducting research and data analysis, improving the Application, developing new products, displaying information related to advertising and profiling.

Where Personal Data is Stored and Processed?

BiP’s servers are located in Turkey, and all usage-related data is stored within Turkey.

As part of collaborations with operators located abroad, data related to users from those countries may be transferred to the relevant foreign operator and stored on their servers in line with BiP usage in that specific country.

BiP takes all reasonable measures to ensure that Personal Data is processed securely and in compliance with this Privacy Notice and applicable Data Protection Legislation. The transfer of Personal Data is carried out only in accordance with applicable Data Protection Legislation and only if appropriate safeguards are in place to ensure an adequate level of protection, as required by the applicable laws.

With Whom and for What Purposes Personal Data is Shared?

BiP may share the Personal Data it obtains in accordance with the purposes and regulations set out in this Privacy Notice with the following parties:

  • Users: As part of the Application, users may share Personal Data with other users (including Official Accounts), enabling interaction between users in line with the functionality of the service, their preferences, and to the extent permitted by applicable law. If a user shares Personal Data belonging to another data subject, that user assumes full responsibility for the sharing of such data.
  • Judicial authorities, regulatory bodies, and other parties in line with legal obligations: BiP may share Personal Data with authorized bodies when required by a legal obligation or to protect its own rights, property, or safety, or the rights, property, or safety of third parties.

BiP may provide third parties with aggregated statistical data and analyses regarding users of the Application. BiP declares that such shared data will not render individuals identifiable unless disclosed by the data subject themselves.

If you activate the automatic translation function, the words you send will be shared with Microsoft or Google, third-party service providers. BiP is not responsible for the actions of these third-party service providers.

BiP does not monitor the content of communication between users.

Transfer of Personal Data Abroad

Your personal data may be transferred abroad only to the extent necessary for the fulfillment of the relevant purpose, and in accordance with Article 9 of the Law titled "Transfer of Personal Data Abroad" and the Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad. In this context, your personal data may be transferred abroad to the extent required by our business processes and in compliance with the applicable legislation. If an international data transfer is required, it may be carried out using one of the following methods in accordance with the relevant legislation:

  • Transfer to Countries with Adequate Protection: Data may be transferred to countries that have been deemed to provide adequate protection by the Personal Data Protection Board. These countries are announced by the Board.
  • Transfer with Appropriate Safeguards: If the destination country does not provide adequate protection, data may be transferred if appropriate safeguards are ensured and/or with the permission of the Board. Such safeguards may include standard contracts, binding corporate rules, or commitments approved by the Board.
  • Transfer in Exceptional Cases: Where the above conditions cannot be met, your personal data may only be transferred abroad in the following exceptional circumstances:
    • If you have been informed of the potential risks and have given your explicit consent.
    • If the transfer is necessary for the performance of a contract between you and the data controller, or for the implementation of pre-contractual measures taken at your request.
    • If the transfer is necessary for the conclusion or performance of a contract concluded in your interest between the data controller and another natural or legal person.
    • If the transfer is necessary for an overriding public interest.
    • If the transfer is necessary for the establishment, exercise, or defense of a legal right.
    • If the transfer is necessary to protect the life or physical integrity of yourself or another person who is unable to give consent due to actual impossibility or whose consent is not legally valid.

Your Rights Regarding Your Personal Data

In accordance with Article 11 of the Personal Data Protection Law, users of the Application have the following rights:

  • To learn whether their personal data is being processed,
  • To request information if their personal data has been processed,
  • To learn the purpose of the processing of personal data and whether such data is being used in accordance with that purpose,
  • To learn the third parties to whom their personal data has been transferred, whether domestically or abroad,
  • To request the correction of personal data if it is incomplete or inaccurately processed,
  • To request the deletion or destruction of personal data within the scope of Article 7 of the Personal Data Protection Law,
  • To request that the operations carried out for the correction, deletion, or destruction of personal data be notified to third parties to whom the personal data has been transferred,
  • To object to the processing of personal data exclusively through automated systems,
  • To request compensation for damages in case of loss due to unlawful processing of personal data.

In addition to the rights listed above, depending on their location, users of the Application may also have the following rights:

  • To learn whether their personal data is being processed,
  • To request information and a copy of their processed personal data,
  • To learn the purpose of processing and whether their personal data is processed in line with such purposes,
  • To learn the recipients or categories of recipients to whom their personal data has been transferred, both domestically and abroad,
  • To request the correction or restriction of their personal data if it is incomplete or inaccurate,
  • To request the deletion or destruction of their data in accordance with the conditions specified in the Data Protection Legislation,
  • To request the restriction of processing of personal data where such processing is based on the user’s consent,
  • Where technically feasible, to request the transfer of their personal data provided to BiP to another data controller or to themselves in a structured, commonly used and machine-readable format,
  • To object to the processing of their personal data,
  • To request that third parties to whom personal data has been transferred be informed of any correction, deletion, or destruction processes,
  • To object to a result arising against the user due to the analysis of their personal data exclusively by automated means, which produces legal consequences or significantly affects them.

To exercise any of the rights mentioned above regarding your personal data or your (if applicable) right to data portability, please contact us using the contact details provided in the “Contact Us” section below. To assist you in specifying which data you wish to exercise your rights on, please provide as much detail as possible about the data related to the rights you wish to exercise. Provided the request is not clearly unfounded or excessive (in which case a reasonable fee may be charged or the request may be denied), the information provided will be free of charge. Users also have the right to lodge a complaint with a local data protection authority.

Alternatively, you can submit your questions or requests related to your personal data through one of the following methods:

  1. Send your application via email from your registered electronic mail (KEP) address, prepared in accordance with the "Regulation on Application Procedures and Principles to the Data Controller" to turkcell.kisiselverilerikoruma@hs03.kep.tr, or
  2. Send your application prepared in accordance with the "Regulation on Application Procedures and Principles to the Data Controller" by notarized mail to the address: “Turkcell İletişim Hizmetleri A.Ş., Aydınevler Mahallesi İnönü Caddesi No:20 Küçükyalı Ofis Park B Blok, Maltepe/İstanbul,” or
  3. Use the email address previously notified to Turkcell and registered in the Company’s system, you can send an email prepared in accordance with the 'Regulation on Application Procedures and Principles to the Data Controller' to kisiselverilerikoruma@bip.com

Age Limitation

Users must be 16 years of age or older to share their Personal Data on the Application, and we do not intend to request, collect, or process Personal Data of Users under the age of 16. In some countries, a different age limit may be set, typically no less than 13 years. In such cases, you must meet the specified age. If you believe we have accidentally processed the Personal Data of a User under the age of 16, please contact us using the provided contact details. If we determine that we have inadvertently processed Personal Data of a User under 16, we reserve the right to delete it.

Retention Period of Personal Data

BiP will retain Personal Data for no more than 2 (two) years for as long as necessary for the purposes of data collection and/or processing, unless a longer retention period is required by applicable laws. This includes the retention of Personal Data for the period specified by relevant regulations in the event of any disputes arising from the Terms of Use. The maximum retention period for messages sent while a user is offline is three weeks, after which the messages will be deleted. Unless a longer retention period is required by legal obligations, BiP will securely delete Personal Data as soon as it is no longer necessary for the purpose for which it was processed, and ensures that all recipients of Personal Data adhere to the same obligation.

Data Security Measures

BiP takes great care to ensure the security of your Personal Data and implements appropriate technical and administrative measures to prevent unauthorized access to and illegal processing of your Personal Data. Your Personal Data is protected by strong security functions that we rigorously apply and regularly update.

BiP does not transfer any Personal Data of Users to third parties in violation of this Privacy Notice and/or applicable Data Protection Legislation. BiP may engage in secondary processing activities of Personal Data only where such processing is consistent with the purpose of processing and is lawful. In the event that Personal Data of Users is shared with third-party service providers in accordance with the provisions of this Privacy Notice, BiP will take the necessary measures to ensure that such third-party service providers provide protection for the Personal Data at a level equivalent to BiP's own protection.

However, BiP does not assume any responsibility for third-party applications linked from the Application, or for transactions conducted between users and/or third parties within the "Discover" feature of the Application, which includes channels related to various topics and content provided to users. These applications are outside BiP's control.

Automated Decision Making

Personal Data is not processed through automated systems to make decisions about users.

About This Privacy Notice

In the event of any changes or updates to Data Protection Legislation, BiP will update and modify the provisions of this Privacy Notice. In such a case, the updated Privacy Notice will be published and made available to you through the Application. Updates and changes made by BiP to the Privacy Notice will take effect from the date of publication in the Application.

The information in this Privacy Notice may vary from person to person, depending on the products and services individuals benefit from or their requests and consents.

Contact Us

If you have any questions, comments, or requests regarding this Privacy Notice, you may contact BiP via email at info@bip.com or send written inquiries to the following email or postal addresses:

Data Protection Officer

dpo@bip.com

Aydınevler Mahallesi İnönü Caddesi No:20/36 Küçükyalı Ofispark Maltepe/İstanbul/Turkey