Privacy Policy

1. Introduction

Welcome to Orbitx Capital ("we," "us," "our," or "the Platform"). We are deeply committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your data when you access or use our website, mobile applications, and related services (collectively referred to as the "Services").

By accessing or using Orbitx Capital, you confirm that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of it, please stop using our Services immediately.

This Privacy Policy is designed to comply with the Turkish Personal Data Protection Law (KVKK) and, where applicable, the European Union’s General Data Protection Regulation (GDPR) for users in the European Economic Area.

2. Information We Collect

We collect different types of information to provide, improve, and secure our Services:

2.1 Personal Information You Provide

When you register an account or use our Services, we may collect:

• Identity Information: Full name, date of birth, gender, and residential address
• Contact Information: Email address, phone number, and postal address
• Financial Information: Bank account details, payment card information, and transaction history
• Verification Documents: Government-issued ID (passport, driver’s licence) and proof of address (utility bills or bank statements dated within the last 3 months)
• Account Credentials: Username, password, and security question answers

2.2 Information Collected Automatically

When you interact with our Services, we automatically collect:

• Device and Technical Information: IP address, browser type and version, operating system, and device identifiers
• Usage Data: Pages visited, features used, session duration, click patterns, and interaction data
• Location Data: Approximate geographic location derived from your IP address
• Cookies and Tracking Technologies: Session and persistent cookies, web beacons, and analytics tools (please see our Cookies Policy for more details)

2.3 Information from Third Parties

We may receive information about you from trusted third parties, including:

• Identity verification providers (for KYC compliance)
• Payment processors (for transaction confirmations)
• Connected cryptocurrency exchanges (via secure API you authorize)
• Analytics and performance monitoring services

3. How We Use Your Information

We use your information for the following legitimate purposes:

• Providing and Managing Services: Creating and maintaining your account, executing trades, processing payments, and delivering platform features
• Compliance and Verification: Meeting Turkish Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) requirements
• Customer Support: Responding to your inquiries and providing technical assistance
• Security and Fraud Prevention: Detecting and preventing unauthorized access, fraud, and suspicious activity
• Platform Improvement: Analyzing usage patterns to develop new features and enhance user experience
• Communication: Sending important account notifications, security alerts, and (with your consent) marketing updates
• Legal and Regulatory Compliance: Fulfilling legal obligations and responding to lawful requests
• Analytics and Research: Generating statistical insights using anonymized or aggregated data

4. Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area, we rely on the following legal bases for processing your personal data:

• Contractual Necessity: To fulfill our agreement with you and provide the Services
• Legal Obligation: Compliance with Turkish AML/CTF laws, tax regulations, and other legal requirements
• Legitimate Interests: Improving security, preventing fraud, and optimizing our Services (balanced against your rights)
• Consent: For marketing communications and certain optional data processing (you may withdraw consent at any time)

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:

5.1 Service Providers

Trusted third-party vendors who assist us with:

• Payment processing
• Cloud hosting and infrastructure
• Identity verification and KYC services
• Email and notification delivery
• Analytics and performance monitoring

All service providers are bound by strict contractual obligations to protect your data and use it only for the purposes we specify.

5.2 Regulatory and Legal Authorities

When required by law, we may disclose information to:

• Turkish Financial Crimes Investigation Board (MASAK)
• Capital Markets Board of Turkey (SPK)
• Law enforcement or regulatory bodies (upon valid legal request)
• Tax authorities for reporting obligations

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections set out in this policy.

6. Data Security

We implement robust technical and organizational measures to protect your information, including:

• Encryption: SSL/TLS for data in transit and AES-256 encryption for sensitive data at rest
• Access Controls: Strict role-based access limited to authorized personnel only
• Two-Factor Authentication (2FA): Strongly recommended and available for all accounts
• Regular Audits: Independent penetration testing and security assessments
• Secure Infrastructure: Data hosted in ISO 27001-certified facilities with physical and logical security controls

Although we take every reasonable precaution, no system is completely impenetrable. You are responsible for keeping your account credentials confidential.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy or as required by law:

• Active Accounts: Retained while your account is active
• Identity & Verification Data: Retained for 7 years (AML/CTF legal requirement)
• Transaction Records: Retained for 7 years for financial and tax compliance
• Support Communications: Retained for up to 3 years
• Marketing Data: Deleted within 90 days after you withdraw consent

8. Your Privacy Rights

Under Turkish KVKK and GDPR (where applicable), you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete information
• Erasure: Request deletion of your data (subject to legal retention obligations)
• Objection: Object to processing for direct marketing or certain legitimate interests
• Portability: Request transfer of your data to another service provider
• Restriction: Request temporary restriction of processing in specific cases
• Withdraw Consent: Withdraw consent previously given for certain processing activities

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. International Data Transfers

Your data may be transferred to and processed in countries outside Turkey (including the United States, EU member states, and Singapore). We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequate protection measures recognized under Turkish KVKK
• Binding data processing agreements with all international partners

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that a user is under 18, we will promptly delete their account and all associated data.

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Significant updates will be notified via email or a prominent notice on the platform at least 30 days before they take effect.

Your continued use of the Services after the updated policy takes effect constitutes acceptance of the changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact:

Privacy Officer
Orbitx Capital
Email: [email protected]
Phone: +90 242 962 0347
Address: Privacy Officer, Orbitx Capital, Büyükdere Caddesi No: 185, Levent, Beşiktaş, 34394 İstanbul, Türkiye

You may also file a complaint with the Turkish Personal Data Protection Authority (KVKK) at www.kvkk.gov.tr or by calling 0 312 216 10 00.