This Privacy Policy explains how MEO Teknoloji ve Yazılım A.Ş. ("MEO", "we", "us", or "our") collects, uses, discloses, and protects personal data when you access our website at www.meonow.com or use our SaaS platform and related services (collectively, "Services"). Please read this policy carefully. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

 

1. Data Controller Identity & Contact Information

The data controller responsible for your personal data is:

 

MEO Teknoloji ve Yazılım A.Ş.

MERSIS No: 0615092861200001

Görükle Mh. Üniversite-1 Cd. No:933/B006 Nilüfer, Bursa, Türkiye

Email: meo@meonow.com

Website: www.meonow.com

 

For data protection matters, you may also contact our designated Data Protection Contact at: meo@meonow.com

Note: If you are an EU/EEA resident and MEO does not maintain a formal EU representative, please note that MEO's primary contact for GDPR matters is the address above. MEO is evaluating the appointment of an EU representative pursuant to GDPR Article 27 and will update this Policy accordingly.

 

2. Scope of This Policy

This Privacy Policy applies to:

• Visitors to our website (www.meonow.com)

• Members and Users who register for and use the MEO SaaS platform

• Prospective customers, partners, and anyone who contacts us

 

This Policy does NOT apply to personal data that our Members collect from their own end users through MEO micro pages, QR codes, or NFC touchpoints. In those cases, the relevant MEO Member acts as the data controller, and their own privacy policy governs the data they collect. MEO processes such data only as a data processor (see Section 10).

 

3. Personal Data We Collect

3.1 Data You Provide Directly

• Account & Registration Data: name, surname, email address, company name, job title, phone number, and password when you create an account

• Payment Data: billing name, billing address, and payment card details — note that full card numbers are processed by our third-party payment processor and are never stored on MEO servers

• Communications: messages, support requests, feedback, survey responses, or any content you submit to us via email or contact forms

• Profile & Content Data: information you add to your MEO profile, pages, QR/NFC configurations, and other content you create on the Platform

 

3.2 Data Collected Automatically

• Usage Data: pages viewed, features used, click patterns, timestamps, and session duration

• Device & Technical Data: IP address, browser type and version, operating system, device identifiers, and screen resolution

• Log Data: server logs, error reports, and performance data

• Cookie & Tracking Data: as described in Section 7 below

 

3.3 Data from Third Parties

• Social Login Providers: if you sign in using Google, LinkedIn, or other OAuth providers, we receive basic profile information (name, email, profile picture) from that provider, subject to your settings

• Analytics Partners: aggregated or pseudonymous usage statistics from analytics platforms we use

• Payment Processors: transaction confirmation and fraud signals (not full card details)

 

4. Legal Basis for Processing (GDPR & KVKK)

We process your personal data on the following legal grounds:

 

Legal Basis

When We Rely On It

Examples

Contract Performance (GDPR Art. 6(1)(b) / KVKK Art. 5(2)(c))

Processing necessary to provide the Services you have signed up for

Account management, billing, service delivery

Legitimate Interests (GDPR Art. 6(1)(f) / KVKK Art. 5(2)(f))

Where our interests are not overridden by your rights

Platform security, fraud prevention, product analytics, direct marketing to existing customers

Consent (GDPR Art. 6(1)(a) / KVKK Art. 5(1))

Where you have given clear, informed consent

Marketing emails to prospects, non-essential cookies, certain profiling

Legal Obligation (GDPR Art. 6(1)(c) / KVKK Art. 5(2)(a))

Compliance with applicable laws

Tax records, responses to law enforcement requests

Vital Interests (GDPR Art. 6(1)(d))

In rare emergency situations only

Life-threatening safety situations

 

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before withdrawal.

 

5. Purposes for Which We Use Your Personal Data

• Service Delivery: creating and managing your account, providing Platform features, processing payments, and fulfilling physical product orders

• Security & Fraud Prevention: authenticating users, detecting and preventing unauthorized access, abuse, and fraud

• Customer Support: responding to your requests, troubleshooting issues, and improving our support processes

• Product Improvement: analysing how users interact with the Platform to identify bugs, improve features, and develop new functionality (using anonymized or aggregated data where possible)

• Communications: sending transactional emails (account confirmation, password resets, billing receipts) and, where you have opted in or we have a legitimate interest, product updates and marketing communications

• Compliance & Legal: meeting our legal and regulatory obligations, enforcing our Terms of Service, and defending against legal claims

• Analytics & Research: understanding usage trends, measuring campaign effectiveness, and conducting market research

 

6. How We Share Your Personal Data

We do not sell your personal data. We may share your data with the following categories of recipients:

 

6.1 Service Providers & Sub-processors

We engage trusted third-party companies to perform services on our behalf. These include:

• Cloud infrastructure and hosting providers (e.g., servers located in Bursa, Türkiye)

• Payment processors (e.g., Stripe, iyzico, or similar)

• Email delivery services

• Analytics platforms (e.g., Google Analytics — with IP anonymization enabled)

• Customer support tools

• Cybersecurity and fraud prevention services

 

All sub-processors are bound by data processing agreements and are required to process data only on our instructions and in accordance with applicable law. A list of our current sub-processors is available upon request at meo@meonow.com.

 

6.2 Corporate Transactions

If MEO undergoes a merger, acquisition, asset sale, or restructuring, your personal data may be transferred to the relevant third party. We will notify you before your data is transferred and becomes subject to a different privacy policy.

 

6.3 Legal Obligations & Public Authorities

We may disclose your data where required by binding law, court order, or request from a competent public authority (e.g., tax authorities, law enforcement, data protection supervisory authorities). We will, where legally permitted, notify you of such requests.

 

6.4 Protection of Rights

We may disclose your data where we believe disclosure is necessary to protect MEO's rights or property, prevent fraud, or protect the safety of users or others.

 

7. Cookies & Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files placed on your device by websites you visit. We also use similar technologies such as web beacons, pixels, and local storage. Together we refer to these as "cookies" in this Policy.

 

7.2 Types of Cookies We Use

Cookie Type

Purpose

Can You Opt Out?

Strictly Necessary

Essential for the website and Platform to function (e.g., session management, security)

No — required for the service to work

Functional / Preference

Remember your preferences and settings (e.g., language, login state)

Yes — via cookie settings

Analytics / Performance

Understand how users interact with our site; we use anonymized/aggregated data where possible

Yes — via cookie settings

Marketing / Advertising

Track visits across websites for targeted advertising purposes

Yes — via cookie settings or opt-out link

 

7.3 Cookie Consent & Preferences

When you first visit our website, we display a cookie consent banner. You can manage your preferences at any time by clicking "Cookie Settings" in the website footer, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of the Services.

 

7.4 Third-Party Cookies

Some cookies are set by third parties, including Google Analytics and social media platforms. These third parties' use of cookies is governed by their own privacy policies. We encourage you to review those policies.

 

8. International Data Transfers

MEO is based in Türkiye. If you are accessing our Services from the European Economic Area (EEA), the United Kingdom, or other jurisdictions with data transfer restrictions, please be aware that your personal data may be transferred to and processed in countries that may not provide the same level of data protection as your home country.

 

Where we transfer personal data internationally, we rely on one or more of the following safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission (for transfers from the EEA)

• The UK International Data Transfer Agreement (IDTA) (for transfers from the UK)

• Adequacy decisions issued by the European Commission, where applicable

• Your explicit consent, where appropriate

 

For transfers from Türkiye, we comply with the applicable provisions of the KVKK (Article 9) regarding cross-border data transfers, including obtaining adequate safeguards or your explicit consent where required.

You may request a copy of the safeguards we have put in place for international transfers by contacting meo@meonow.com.

 

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law. The table below summarises our general retention approach:

 

Data Category

Retention Period

Rationale

Account & profile data

Duration of membership + 2 years after closure

Contract performance, legal claims

Billing & transaction records

7 years from transaction date

Tax and accounting obligations (Turkish Commercial Code)

Support communications

3 years from last interaction

Dispute resolution, quality assurance

Usage & analytics logs

13 months (rolling)

Performance analysis; aligned with Google Analytics default

Marketing opt-in records

Until consent is withdrawn + 3 years

Demonstrating lawful basis

Cookie consent records

1 year from consent date

Demonstrating lawful basis

 

When data is no longer required, it is securely deleted or anonymized. Upon account closure, we will delete or return your personal data within 90 days, subject to any outstanding legal retention obligations.

 

10. MEO as a Data Processor (Members' End-User Data)

When MEO Members use the Platform to collect, store, or process personal data from their own end users (for example, through contact forms on a MEO micro page or QR/NFC interaction flows), MEO acts solely as a data processor on behalf of the Member.

 

In this context:

• The Member is the data controller and is responsible for ensuring a valid legal basis for processing, providing notices to their end users, and complying with all applicable data protection laws

• MEO processes such data strictly in accordance with the Member's instructions and our Data Processing Agreement (DPA)

• MEO's DPA is available at [link to DPA] and is incorporated by reference into our Terms of Service for all Members subject to GDPR or equivalent regulations

 

If you are an end user of a MEO Member's page or service and have questions about how your data is handled, please contact the relevant Member directly.

 

11. Your Rights as a Data Subject

Depending on your jurisdiction, you may have the following rights regarding your personal data:

 

Right

Description

Applicable Law

Right of Access

Request a copy of the personal data we hold about you

GDPR Art. 15 / KVKK Art. 11

Right to Rectification

Request correction of inaccurate or incomplete data

GDPR Art. 16 / KVKK Art. 11

Right to Erasure ("Right to be Forgotten")

Request deletion of your data where there is no compelling reason for continued processing

GDPR Art. 17 / KVKK Art. 11

Right to Restrict Processing

Request that we limit how we process your data in certain circumstances

GDPR Art. 18 / KVKK Art. 11

Right to Data Portability

Receive your data in a structured, machine-readable format and/or have it transmitted to another controller

GDPR Art. 20

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes

GDPR Art. 21 / KVKK Art. 11

Rights re: Automated Decision-Making

Not to be subject to decisions based solely on automated processing that produce significant legal effects

GDPR Art. 22

Right to Withdraw Consent

Where processing is based on consent, withdraw it at any time without affecting prior processing

GDPR Art. 7(3) / KVKK Art. 5

CCPA Rights (California)

Right to know, right to delete, right to opt-out of sale, right to non-discrimination

California Consumer Privacy Act / CPRA

 

11.1 How to Exercise Your Rights

To exercise any of the above rights, submit a written request to:

• Email: meo@meonow.com

• Postal address: MEO Teknoloji ve Yazılım A.Ş., Görükle Mh. Üniversite-1 Cd. No:933/B006 Nilüfer, Bursa, Türkiye

 

For requests submitted under KVKK, you may also use the official KVKK application form. We will respond to verified requests within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

 

11.2 Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the relevant supervisory authority:

• Turkey: Kişisel Verileri Koruma Kurumu (KVKK Board) — www.kvkk.gov.tr

• EU/EEA: Your local Data Protection Authority (DPA) — find yours at edpb.europa.eu

• UK: Information Commissioner's Office (ICO) — ico.org.uk

• California: California Attorney General or California Privacy Protection Agency

 

12. Data Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/HTTPS) and at rest

• Access controls and role-based permissions limiting data access to authorized personnel

• Regular security assessments and vulnerability scanning

• Incident response procedures

 

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and, where required, notify the relevant supervisory authority within 72 hours of becoming aware of the breach (in accordance with GDPR Article 33/34 and KVKK Article 12).

No system is completely secure. If you have concerns about the security of your account, please contact meo@meonow.com.

 

13. Children's Privacy

The Services are intended for use by individuals aged 18 or older. We do not knowingly collect personal data from children under the age of 18 (or the applicable age of majority in the relevant jurisdiction). If we become aware that we have inadvertently collected personal data from a minor without appropriate parental consent, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at meo@meonow.com.

 

14. Social Media, Third-Party Links & Integrations

The Site may contain links to third-party websites and social media platforms (e.g., LinkedIn, Twitter/X, Instagram). Clicking those links takes you away from our Services and your interaction with those platforms is governed by their own privacy policies. MEO has no control over and accepts no responsibility for the privacy practices of third-party sites.

 

If you connect social media accounts to your MEO profile, those platforms may share certain data with us (subject to your settings). Please review the relevant platform's privacy policy to understand what data is shared.

 

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated Policy on www.meonow.com with a new "Effective Date"

• Notify registered Members via email or in-platform notification at least 14 days before the changes take effect

 

If you continue to use the Services after the revised Policy becomes effective, you will be deemed to have accepted the changes. If you do not accept the revised Policy, you must stop using the Services and close your account.

 

16. Jurisdiction-Specific Disclosures

16.1 European Economic Area & United Kingdom (GDPR / UK GDPR)

MEO processes personal data of EEA and UK residents in accordance with the GDPR and UK GDPR respectively. The lawful bases for processing are set out in Section 4. You are entitled to all rights listed in Section 11. Where MEO acts as a data processor for a Member's end-user data, the relevant Member is the data controller.

 

16.2 California, USA (CCPA / CPRA)

If you are a California resident, you have the right to: (i) know what personal information we collect, use, disclose, or sell; (ii) request deletion of your personal information; (iii) opt out of the sale or sharing of your personal information; and (iv) non-discrimination for exercising your rights. MEO does not sell personal information. To exercise your CCPA/CPRA rights, contact us at meo@meonow.com. We will respond within 45 days as required.

 

16.3 Türkiye (KVKK)

MEO processes personal data in accordance with Law No. 6698 (KVKK). Data subjects in Türkiye may exercise the rights listed in KVKK Article 11 by submitting a written request via the methods described in Section 11.1. MEO has registered with the VERBİS data controller registry in accordance with applicable requirements.

 

17. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact us:

 

Email: meo@meonow.com

Data Protection Contact: meo@meonow.com

Postal: MEO Teknoloji ve Yazılım A.Ş., Görükle Mh. Üniversite-1 Cd. No:933/B006 Nilüfer, Bursa, Türkiye

Website: www.meonow.com

 

We aim to respond to all privacy-related inquiries within 30 days.