Privacy Policy
Bonobo’s privacy commitment
At Bonobo Teknoloji Çözümleri (“Bonobo”, “we”), we take the privacy of our visitors and customers seriously. This Privacy Policy explains, in plain language, what data we collect, why we collect it, how we protect it, and how you can exercise your rights.
For the legal/regulatory framework, please refer to our Privacy Notice; for our use of cookies, see our Cookie Policy.
1. Who is Bonobo?
Bonobo is a technology company that has provided customer loyalty solutions to Türkiye’s leading restaurant, café and retail brands since 2015.
- Legal name: Bonobo Teknoloji Çözümleri
- Address: Gayrettepe Mahallesi, Yıldız Posta Caddesi, Akın Sitesi 4. Blok, No: 12, D: 76, Beşiktaş / İstanbul, Türkiye
- Email: [email protected]
- Website: bonobo.com.tr
2. What Data Do We Collect?
We only collect personal data that is necessary to provide our services. We never request more than we need.
Data we collect through our website:
- When you submit a demo form: name, email, phone, company, current POS system, number of locations, message content
- During your visit, via cookies: browser/device information, IP address, language preference, visit timestamps
Data we do NOT collect:
- Government identifiers (national ID, social security)
- Health information
- Financial account data (card numbers, etc.)
- Children’s data (see below)
3. Why Do We Collect Your Data?
We process your data only for the following purposes:
- ✅ Scheduling and conducting the demo session you requested
- ✅ Responding to your questions
- ✅ Providing and improving our products and services
- ✅ Meeting our legal obligations
- ✅ Measuring service quality (anonymized/aggregate data)
We do NOT:
- ❌ Sell your data to third parties
- ❌ Share it with advertising networks
- ❌ Use it for marketing without your explicit consent
- ❌ Run targeted advertising (retargeting)
4. How Do We Protect Your Data?
We apply the following technical and organizational measures:
Technical measures
- All web traffic is encrypted via HTTPS / SSL
- Form submissions are transmitted to our server in encrypted form
- Cloudflare Turnstile protection against spam and bot attacks
- Regular security updates (application and server software)
- Two-factor authentication (2FA) is enforced for site administration access
Organizational measures
- Only employees who need to know have access to your data
- Our employees receive KVKK training
- We sign data processing agreements with all third parties handling data on our behalf (hosting, email service, etc.)
- In case of a data breach, we notify the Personal Data Protection Board within 72 hours
No system is 100% secure, but we take reasonable precautions against all foreseeable risks.
5. Do We Share Your Data with Third Parties?
We share your data only in the following circumstances:
- Service providers: Web hosting, email service, form platform, cloud backup providers — only as needed for service delivery, and these providers are also bound by data protection obligations under KVKK
- Legal obligation: Court orders or requests from authorized authorities
- Business partners: Only where strictly necessary for the delivery of products and services, and only to a limited extent
We never share your data with advertising networks, marketing companies or sales intermediaries.
6. International Data Transfers
Some of the service providers we rely on for our website infrastructure (e.g., Cloudflare, content delivery networks, font services) operate servers partially outside Türkiye. In such cases, your personal data is transferred abroad in accordance with Article 9 of the KVKK, only to countries with adequate protection levels or to providers that have given the necessary undertakings. For more information, please contact [email protected].
7. How Long Do We Keep Your Data?
We retain your data only for as long as necessary for the purpose of collection and within periods required by law:
| Data type | Retention period |
|---|---|
| Demo form (if no customer relationship) | 24 months |
| Active customer relationship data | Duration of relationship + statutory periods (up to 10 years) |
| Cookie data | 30 days – 12 months (depending on cookie type) |
| Data subject to statutory retention | As required by law |
After these periods, your data is deleted, destroyed or anonymized.
For detailed retention information, see our Privacy Notice.
8. Children’s Privacy
Our website is not intended for individuals under 18 years of age. We provide a B2B (business-to-business) service and our website targets adult professionals with business decision-making authority.
We do not knowingly collect personal data from individuals under 18. If we discover that a child has provided us with personal data, we will delete it as soon as possible. If you believe your child has provided us with personal data, please contact [email protected].
9. Third-Party Links
Our website may contain links to third-party websites (social media, partner sites, etc.). Bonobo is not responsible for the privacy practices of these sites. We recommend reviewing their privacy policies before visiting them.
10. Your Rights
Under Article 11 of the KVKK, you have the following rights regarding your personal data:
- 📋 Right to know whether your data is being processed
- 📋 Right to request information about such processing
- 📋 Right to learn the purpose and appropriateness of processing
- 📋 Right to know third parties to whom data has been transferred
- ✏️ Right to rectification (for incomplete/incorrect data)
- 🗑️ Right to deletion/destruction
- 🚫 Right to object to results derived from automated analysis
- ⚖️ Right to compensation for damages
To exercise these rights, write to [email protected] or send a written (wet-signed) application to our company address. For detailed application methods, see our Privacy Notice.
We respond to your request within 30 days, free of charge.
11. Additional Information for EU Residents (GDPR)
If you reside in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to data portability (request your data in a structured format)
- Right to lodge a complaint with a supervisory authority
- Rights regarding automated decision-making
To exercise these rights, you may contact us at [email protected].
12. In Case of a Data Breach
If we detect that your data has been accessed by unauthorized parties:
- We notify the Personal Data Protection Board within 72 hours
- For high-risk breaches, we notify affected individuals directly
- We immediately implement technical and organizational measures to limit the impact
13. Complaints and Contact
For privacy-related questions, requests or complaints, please contact us via:
- Email: [email protected]
- Mail: Gayrettepe Mahallesi, Yıldız Posta Caddesi, Akın Sitesi 4. Blok, No: 12, D: 76, Beşiktaş / İstanbul, Türkiye
If you find our response insufficient, you have the right to file a complaint with the Personal Data Protection Board:
- Web: kvkk.gov.tr
- Address: Nasuh Akar Mahallesi, 1407. Sokak, No: 4, Çankaya / Ankara, Türkiye
14. Changes to This Policy
We may update this Privacy Policy from time to time in line with legislative changes or our business processes. We announce material changes on our website and, where appropriate, by email.
Effective date: 5 May 2026 Last updated: 10 June 2026