Privacy Policy

WORLDEF (World E-Commerce Forum) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, purchase tickets, or attend our e-commerce events and exhibitions.

This policy complies with the General Data Protection Regulation (GDPR), Turkish Personal Data Protection Law (KVKK), and other applicable data protection regulations.

1. Data Controller

The data controller responsible for your personal data is:

WORLDEF (World E-Commerce Forum)
Website: https://worldef.com
Email: info@worldef.com
Data Protection Officer: privacy@worldef.com

2. Information We Collect

We collect various types of information in connection with WORLDEF e-commerce events:

2.1 Identity Information

• First name, last name
• National ID number (when required)
• Passport number (for international attendees)

2.2 Contact Information

• Email address
• Phone number
• Address details

2.3 Professional Information

• Company name and title
• Job position/title
• Industry and business area
• Professional interests

2.4 Financial Information

• Credit card details (processed securely by third-party payment providers)
• Billing information
• Transaction records

2.5 Transaction Security Information

• IP address
• Browser information
• Device information
• Cookie records

2.6 Visual and Audio Records

• Event photographs
• Video recordings
• Security camera footage

2.7 Special Categories of Personal Data

• Health data (disability status, dietary preferences - for event organization only)
• This data is processed only with your explicit consent and to the extent necessary

3. Purposes of Processing Personal Data

Your personal data is processed for the following purposes:

3.1 Establishment and Performance of Contract

• Processing ticket sales and registration
• Preparing event tickets and ID cards
• Providing event access and security controls
• Completing payment transactions
• Issuing invoices and legal documents

3.2 Communication and Information

• Sending event information and updates
• Sending booking and attendance confirmations
• Providing customer support services
• Evaluating requests and complaints

3.3 Marketing and Promotion (With Explicit Consent)

• Informing about future events
• Sending early booking opportunities
• Newsletter and marketing communications
• Personalized event recommendations

3.4 Fulfillment of Legal Obligations

• Obligations under tax legislation
• Commercial registration and reporting requirements
• Official authority requests

3.5 Security and Crime Prevention

• Ensuring event security
• Fraud and scam prevention
• Implementing cybersecurity measures

3.6 Business Development and Networking (With Consent)

• Facilitating business connections among attendees
• Sharing attendee information with sponsors and partners (with your consent)
• Networking through event applications and platforms

4. Legal Basis for Processing

Your personal data is processed based on the following legal grounds under GDPR and KVKK:

• Explicit consent: For marketing communications, data sharing, and special categories of data
• Contract performance: For ticket sales and event attendance
• Legal obligation: For tax, commercial registration, and reporting
• Legitimate interests: For security, service improvement, and business development
• Establishment, exercise, or defense of legal claims: For legal disputes

5. Disclosure of Personal Data

Your personal data may be disclosed to the following parties:

5.1 Domestic Transfers

• Service providers: Payment, hosting, email, SMS, event management services
• Business partners: Event organization companies, venue providers
• Sponsors: Only with your consent for networking purposes
• Official authorities: Within the framework of legal obligations

5.2 International Transfers

Due to WORLDEF's international events in Dubai, Riyadh, and other locations, your data may be transferred abroad. International transfers:

• Are carried out in accordance with GDPR Article 44-50 and KVKK Article 9
• Are made to countries with adequate protection or secured by data protection agreements
• Are made with your explicit consent
• Use Standard Contractual Clauses approved by the European Commission

6. Data Subject Rights

Under GDPR and KVKK, you have the following rights:

• Right to be informed: Learn whether your personal data is being processed
• Right of access: Request information if it is being processed
• Right to know purpose: Learn the purpose of processing and whether it is used appropriately
• Right to know third parties: Know the third parties to whom data is transferred domestically or abroad
• Right to rectification: Request correction of incomplete or inaccurate data
• Right to erasure: Request deletion under the conditions set forth in law
• Right to notification: Request that corrections, deletions be notified to third parties
• Right to object: Object to adverse outcomes from automated processing
• Right to compensation: Request compensation for damages due to unlawful processing

7. How to Exercise Your Rights

Methods to exercise your rights under GDPR and KVKK:

7.1 Electronic Application

Email: privacy@worldef.com
(Application must include name, surname, ID number, contact information, and request subject)

7.2 Written Application

You can submit a signed petition to the WORLDEF address.

7.3 Response Time

Your applications will be concluded free of charge within 30 days at the latest, depending on the nature of the request. If the process requires additional costs, fees determined by the Data Protection Authority may be charged.

8. Data Security

WORLDEF takes the following technical and administrative measures to ensure the security of your personal data:

8.1 Technical Security Measures

• SSL/TLS encryption protocols
• Firewall systems
• Secure server infrastructure and backup
• Penetration tests and security audits
• Anti-virus and anti-malware protection
• Two-factor authentication
• Data masking and anonymization

8.2 Administrative Security Measures

• Maintaining data processing inventory
• Employee data security training
• Confidentiality agreements and obligations
• Access authorization and log records
• Data breach intervention and notification procedures
• Regular security policy updates

9. Data Retention Period

Your personal data is retained for the period required by the processing purpose and the periods stipulated in relevant legislation:

• Account data: Until account deletion request or 3 years of inactivity
• Transaction records: 7 years as per Tax Procedural Law
• Invoices and financial documents: 10 years (pursuant to Turkish Commercial Code No. 6102)
• Marketing data: Until consent withdrawal or 2 years of inactivity
• Security records: 6 months - 2 years (according to security requirements)
• Communication records: 3 years (for complaints/disputes)

Personal data whose retention period has expired is deleted, destroyed, or anonymized in accordance with applicable law.

10. Cookies

Cookies are used on our website. For detailed information about cookie usage, please review our Cookie Policy.

You can block or delete cookies from your browser settings. However, in this case, some functions of the website may not work properly.

11. Protection of Special Categories of Personal Data

Special categories of personal data (such as health data) under GDPR and KVKK are processed only:

• With your explicit consent
• When necessary for event organization (disability, dietary requirements)
• With additional security measures

This data is protected with special care and only authorized personnel can access it.

12. Visual and Audio Records

Photography and videography are conducted at WORLDEF events. By attending events:

• You consent to being photographed and recorded
• You agree to the use of these images in marketing, social media, and promotional materials
• If you do not wish to be photographed, you can obtain a "No Photo" badge during registration

Security camera recordings are used for security purposes only and are deleted after legal retention periods.

13. Data Breach Notification

In the event of a data breach that may compromise the security of personal data:

• The breach is detected as soon as possible and necessary measures are taken
• The Data Protection Authority is notified within 72 hours as required by law
• Affected data subjects are informed
• Efforts are made to minimize the impact of the breach

14. Information Obligation

We have an obligation to inform you when your personal data is processed. This policy provides detailed information about the identity of the data controller, processing purposes, transfer information, and your rights.

15. Policy Updates

This Privacy Policy may be updated in line with legal changes, our business model, or technological developments. Significant changes:

• Are published on the website with an updated "Last Updated" date
• Are notified to registered users via email
• Explicit consent is requested for significant changes

16. Contact and Complaints

For any questions, requests, and complaints regarding data protection:

WORLDEF Data Protection Team
Email: privacy@worldef.com
General Contact: info@worldef.com
Website: https://worldef.com

Data Protection Authorities:
EU: Your local supervisory authority
Turkey: Personal Data Protection Authority (KVKK) - www.kvkk.gov.tr
Application: https://www.kvkk.gov.tr/Icerik/6522/Basvuru-Formlari

If your application is not answered, rejected, the answer is deemed insufficient, or not answered within the deadline; you may file a complaint with the Data Protection Authority within 30 days from the date you learn of the data controller's response and in any case within 60 days from the application date.

17. Effective Date

This Privacy Policy has been prepared in accordance with the General Data Protection Regulation (GDPR), Turkish Personal Data Protection Law No. 6698 (KVKK), relevant secondary legislation, and Data Protection Authority decisions, and is effective as of the publication date.