Last updated: April 2026
MEO Teknoloji ve Yazilim A.S. ("MEO") is committed to protecting the personal data of all individuals, including those residing in the European Economic Area (EEA) and the United Kingdom. This page outlines our commitment to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and how we handle your personal data.
1. Data Controller Information
MEO Teknoloji ve Yazilim A.S.
MERSIS No: 0615092861200001
Gorukle Mh. Universite-1 Cd. No:933/B006 Nilufer, Bursa, Turkiye
Email: meo@meonow.com
Website: www.meonow.com
MEO acts as the data controller for personal data collected through our website and platform. For data processed on behalf of our Members (through their QR/NFC touchpoints and micro pages), MEO acts as a data processor.
2. Legal Basis for Processing
We process personal data based on one or more of the following legal grounds under GDPR Article 6:
- Contract Performance (Art. 6(1)(b)): To provide the services you have signed up for, manage your account, and process payments.
- Legitimate Interests (Art. 6(1)(f)): For platform security, fraud prevention, product improvement, and direct marketing to existing customers, where our interests are not overridden by your rights.
- Consent (Art. 6(1)(a)): For marketing communications to prospective customers, non-essential cookies, and certain profiling activities.
- Legal Obligation (Art. 6(1)(c)): To comply with applicable laws, including tax and accounting requirements.
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
3. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR:
- Right of Access (Art. 15): You have the right to request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17): You have the right to request deletion of your personal data where there is no compelling reason for continued processing.
- Right to Restrict Processing (Art. 18): You have the right to request that we limit how we process your data in certain circumstances.
- Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
- Rights Related to Automated Decision-Making (Art. 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time.
4. Data Transfers
MEO is based in Turkiye. When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The UK International Data Transfer Agreement (IDTA) for transfers from the UK
- Adequacy decisions where applicable
- Explicit consent where appropriate
You may request a copy of the safeguards we use for international data transfers by contacting us at meo@meonow.com.
5. Data Protection Officer
For all data protection inquiries, GDPR-related requests, or concerns about how we handle your personal data, please contact:
Data Protection Contact
MEO Teknoloji ve Yazilim A.S.
Email: meo@meonow.com
MEO is evaluating the appointment of a formal Data Protection Officer (DPO) and EU representative pursuant to GDPR Articles 37 and 27 respectively. This page will be updated when appointments are made.
6. How to Exercise Your Rights
To exercise any of your GDPR rights, please submit a written request to meo@meonow.com. We will:
- Acknowledge receipt of your request within 3 business days
- Verify your identity to protect your data
- Respond to your request within 30 days (extendable by a further 60 days for complex requests)
- Provide our response free of charge (reasonable fees may apply for manifestly unfounded or excessive requests)
7. Right to Lodge a Complaint
If you believe that we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with a supervisory authority. Relevant authorities include:
- Your local Data Protection Authority in the EU/EEA (find yours at edpb.europa.eu)
- Information Commissioner's Office (ICO) in the UK (ico.org.uk)
- Kisisel Verileri Koruma Kurumu (KVKK Board) in Turkey (www.kvkk.gov.tr)
We encourage you to contact us first so we can try to resolve your concern directly.
8. Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls and role-based permissions
- Regular security assessments
- Incident response and breach notification procedures (within 72 hours as required by GDPR Art. 33)
For more details, please refer to Section 12 of our Privacy Policy.