Collecist Privacy Policy

Last Updated: December 30, 2025

İzlence Bilişim Yazılım Elektronik Sanayi ve Ticaret Limited Şirketi ("Collecist", "we", "us" or "our") is committed to protecting and respecting your privacy. This Privacy Policy ("Policy") explains how we collect, store, use and share information about you when you use our website, mobile applications and all digital exhibition, discovery, messaging and promotion services (together, the "Services" or "Platform").

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By using our Platform, you acknowledge and agree to the practices described in this Policy.

This Policy is part of our Terms of Service. By accessing or using our Services, you accept that your information will be processed as described in this Policy. You may withdraw your consent at any time; however, this does not affect the lawfulness of processing prior to withdrawal.

1. Data Controller and Contact Information

Under the Turkish Personal Data Protection Law No. 6698 ("KVKK") and applicable regulations, the data controller is:

İzlence Bilişim Yazılım Elektronik Sanayi ve Ticaret Limited Şirketi

• Address: Esenşehir, Kürkçüler Cd. No:94, 34776 Dudullu OSB/Ümraniye/İstanbul, Turkey
• Phone: +90 216 420 0056
• Fax: +90 216 420 0058
• Tax Office: Sarıgazi
• Tax ID: 4841050942
• Trade Registry No: 67420-5
• Website: www.collecist.com | www.izlencebilisim.com
• Email: privacy@collecist.com

For all questions, requests or to exercise your rights regarding privacy and data protection, please contact us using the information above.

2. Scope of Policy and Our Business Model

2.1 Scope

This Policy applies whenever you use our Services, whether or not you have a Collecist account. This Policy is an integral part of our Terms of Service and should be read in conjunction with them.

Collecist does not have control over the privacy practices of third-party websites or applications. The privacy policies of third parties to which you may be directed from our Services apply separately and independently. We recommend reviewing their policies before submitting any personal data to such third-party sites.

2.2 Our Business Model - Important Disclosure

Collecist is a digital exhibition, portfolio promotion and discovery platform connecting artists, galleries, institutions and collectors.

Key features:

• We do not charge commissions on artwork sales
• We are not a party to sales transactions: Sales and payment relationships occur directly between the seller (artist/gallery/institution) and the buyer (collector)
• Our role: We provide the platform, digital exhibition spaces (3D/VR Viewing Rooms), discovery tools and promotion services
• Our revenue model: Basic services are free; we only generate revenue from premium promotion, featured listings and curatorial support packages through paid subscription services

This business model directly affects how we collect and process your personal data. We are an exhibition and promotion platform, not a trading intermediary or broker.

3. Information We Collect

3.1 Information You Provide to Us

Information you give us by filling in forms on our Platform or by contacting us by phone, email or other means:

Account and Profile Information:

• First name, last name, username
• Email address
• Phone number
• Country, city
• User type (artist, gallery/institution, curator, collector, visitor)
• Profile picture and biography
• Institution/gallery name and promotional information
• Social media account links

Communication and Content:

• In-platform messaging and offer contents
• Customer support requests and correspondence
• Survey and feedback responses
• Newsletter subscription preferences

Artwork and Exhibition Content:

• Artwork images, titles, descriptions
• Artist information, technical details
• Price information (depending on your display preferences)
• 3D/VR exhibition content
• Collection and curation information

Payment and Billing Information (for paid services only):

• Billing name and address
• Tax ID number (for institutional users)
• Payment method information (processed through secure third-party processors)

3.2 Information We Collect Automatically

Each time you visit or use our Platform, we automatically collect the following information:

Technical Information:

• Internet Protocol (IP) address
• Browser type and version
• Device type and identifiers (mobile device ID, operating system)
• Time zone setting and location information
• Browser plug-in types and versions
• Operating system and platform

Usage Information:

• Full URL clickstream (to, through and from our site)
• Artworks, exhibitions and profiles you view
• Search terms and filters
• Page response times and download errors
• Page interaction information (scrolling, clicks, zooming)
• Session duration and visit frequency
• 3D/VR exhibition interactions
• Favorites and list creation activities

Performance and Error Logs:

• Application crash reports
• System performance data
• Debugging information

3.3 Information We Receive from Other Sources

Business Partners and Integrations:

• Social media account connections (with your permission)
• Profile information from authentication service providers
• Transaction status information from payment processors

Analytics and Security Providers:

• Usage statistics from web analytics services
• Risk analysis data from fraud prevention services
• Traffic information from search engine providers

User References:

• In-platform feedback from other users about you
• Communication response times and quality assessments

4. Cookies and Similar Technologies

4.1 Cookie Usage

Our website uses cookies to distinguish you from other users and improve your experience. Cookies are small text files stored by your browser or device.

Types of Cookies We Use:

Strictly Necessary Cookies:

• Session management and authentication
• Security and fraud prevention
• Platform core functionality
• Preference and language settings

Performance and Analytics Cookies:

• Visitor numbers and traffic sources
• Most popular content and features
• User behavior analysis
• Error detection and performance measurement

Functional Cookies:

• Remembering your login information
• Personalized content display
• Video player preferences
• 3D/VR viewing settings

Marketing and Personalization Cookies:

• Content recommendations based on your interests
• Newsletter and campaign engagement tracking
• Third-party advertising platform integration
• Social media sharing buttons

4.2 Cookie Management

You can control, delete or block cookies through your browser settings. However, if you disable some cookies, certain features of our Platform may not function properly.

You can manage your cookie preferences at www.collecist.com/cookie-settings or through the "Cookie Settings" section on the Platform.

Please refer to our separate Cookie Policy document for detailed information.

5. How We Use Your Personal Data

5.1 Legal Bases and Purposes

We process your personal data based on the following legal grounds and purposes:

A) Performance of Contract:

• Account creation and management
• Providing Platform services
• Digital exhibition and 3D/VR content display
• Facilitating artist-collector communication
• Providing paid promotion services
• Managing invoicing and payment processes

B) Legitimate Interest:

• Ensuring Platform security
• Preventing fraud and abuse
• Improving service quality
• Enhancing user experience
• Providing technical support
• Conducting statistical analysis
• Developing business strategies

C) Legal Obligation:

• Legal record-keeping requirements
• Tax and accounting compliance
• Responding to official authority requests
• Audit and compliance processes

D) Explicit Consent:

• Marketing communications (newsletters, campaigns)
• Personalized content recommendations
• Social media integrations
• Third-party analytics services
• Cookie usage (except strictly necessary)

5.2 Detailed Usage Purposes

Service Provision and Improvement:

• Digital exhibition, 3D/VR experiences and portfolio promotion
• Artwork discovery and search functionality
• Messaging and offer system
• Platform performance optimization
• New feature development
• Error detection and correction

Security and Protection:

• Ensuring account security
• Authentication and authorization
• Detecting fraud, spam and abuse
• Identifying and removing unlawful content
• Protecting Platform integrity

Communication and Information:

• Account activity notifications
• Service updates and announcements
• Technical support and customer service
• Security alerts
• Changes to Platform terms

Personalization and Recommendations:

• Artwork recommendations based on your interests
• Artist and exhibition discovery algorithms
• Personalized search results
• Content filtering and sorting

Marketing and Promotion (Consent-Based):

• Newsletter delivery
• New feature announcements
• Special campaign and event notifications
• Premium service promotions
• Platform-related educational content

Analytics and Research:

• User behavior analysis
• Market research and trend analysis
• Platform usage statistics
• A/B testing and optimization
• Academic research (with anonymized data)

Paid Services:

• Managing subscription transactions
• Billing and payment tracking
• Implementing promotion packages
• Providing featured listing services
• Curatorial support services

5.3 Sales Transactions - Important Note

Collecist is not a party to artwork sales transactions. All aspects of artwork sales including:

• Price determination
• Payment terms
• Delivery arrangements
• Tax and customs procedures
• Invoice issuance
• Returns and warranties

Are conducted directly between the seller (artist/gallery/institution) and buyer (collector). Personal data related to these processes are subject to the privacy policies of the parties involved and/or the payment infrastructure they use.

Collecist only facilitates communication between parties; in this context, we enable communicating parties to share contact information (name, email, phone) with each other.

6. With Whom We Share Your Information

6.1 General Principles

We do not sell your personal information to third parties and do not share it for their own direct marketing purposes without your permission.

We do not disclose information about identifiable individuals to our marketing partners, but we may provide them with aggregate, anonymized information about our users (for example, statistics such as "1,500 artist profiles were created this month").

6.2 Sharing Scenarios

A) Service Providers and Sub-processors:

Trusted third-party service providers we work with to operate the Platform:

• Hosting and Infrastructure Providers: Server hosting and data storage
• Payment Processors: Secure payment transactions (Stripe, PayTR, etc.)
• Email Service Providers: Newsletter and notification delivery
• Cloud Storage Services: Artwork images and media files
• CDN Providers: Fast content distribution
• Analytics Platforms: Google Analytics, Mixpanel, etc.
• Customer Support Tools: Live chat and ticket systems
• Fraud Prevention Services: Security and risk analysis
• 3D/VR Content Infrastructure: Immersive exhibition technologies

These providers process your data only on our behalf and according to our instructions; they cannot use it for their own purposes.

B) Inter-User Communication on Platform:

In communications and interactions you initiate on the Platform:

• When you send an offer to an artist or gallery: your name, contact information
• When you start messaging: your profile information
• When you request information about an exhibition or artwork: your identity and contact information

Are shared with relevant parties. This sharing is necessary due to the nature of the service.

C) Business Partners:

• Art Institutions and Galleries: Event and exhibition organization within collaborations
• Advertising Networks: To serve relevant ads to you and other users (with anonymized data)
• Search Engine Providers: Platform optimization and SEO
• Social Media Platforms: Social login and sharing features (with your permission)

D) Legal Requirements:

We may disclose your personal data in the following situations:

• To comply with legal obligations
• Court orders and official authority requests
• To protect the rights of Collecist, its users or others
• To enforce Platform terms
• Fraud and crime prevention
• Emergency security situations

E) Business Changes:

In the event of Collecist's or İzlence Bilişim's:

• Merger or acquisition
• Asset sale
• Bankruptcy or liquidation proceedings

Your personal data may be among the transferred assets. We will notify our users in advance in such cases.

F) Aggregate and Anonymous Data:

Aggregate statistics and anonymous data that do not contain personal information may be freely used and shared for:

• Market research
• Trend analysis
• Academic studies
• Press releases

6.3 Group Companies

We may share your personal information with İzlence Bilişim group companies, our subsidiaries and affiliates, for the purposes stated in this Policy and under appropriate data protection agreements.

7. User Content and Visibility

7.1 Public Content

Content you create and share on the Platform:

• Artist profiles and biographies
• Artwork images, titles and descriptions
• Exhibition and collection information
• 3D/VR content
• Public comments and reviews

Are public by default and may be visible:

• To other users on the Platform
• In search engines (Google, Bing, etc.)
• In social media shares
• Through off-platform links

7.2 Your Privacy Controls

From your account settings, you can:

• Adjust your profile visibility
• Control artwork price display
• Set your communication preferences
• Make some information visible only to registered users

7.3 Intellectual Property Responsibility

Regarding content you upload to the Platform, you represent and warrant that you:

• Have all necessary rights and permissions
• Do not infringe third-party rights
• Respect copyright, trademark and other intellectual property rights

Liability for violations rests with you.

7.4 Content License

When you upload content to the Platform, you grant Collecist a worldwide, non-exclusive, royalty-free, transferable, sublicensable, limited license for the following purposes:

• Displaying your content on the Platform
• Providing Platform services
• Promoting and marketing the Platform
• Backup and archiving

This license may continue for a reasonable period after you close your account (for legal obligations and archival purposes).

7.5 Content Removal (Takedown)

If you detect a rights violation, you can send a request to privacy@collecist.com including:

• Type of right violated
• Documents proving your right
• Link to infringing content
• Your contact information

We will evaluate valid requests and remove content if necessary.

8. International Data Transfers

8.1 Data Locations

Our service providers and sub-processors may operate in different countries. In this case, your personal data may be transferred to locations such as:

• European Union (EU)
• European Economic Area (EEA)
• Turkey
• United States of America
• Other countries

8.2 Safeguards

For data transfers outside Turkey, we implement appropriate safeguard mechanisms required by KVKK and GDPR:

• EU Standard Contractual Clauses (SCC)
• Adequacy Decisions: Countries recognized by the EU as providing adequate protection
• Binding Corporate Rules: For intra-group transfers
• Data Processing Agreements: With service providers

8.3 Data Security

In data transfers, we use technical and administrative measures such as:

• Encryption (SSL/TLS)
• Access controls
• Regular audits
• Contractual obligations

9. Data Retention Periods

9.1 General Principles

We retain your personal data only:

• For as long as the processing purpose requires
• For legal retention periods
• To the extent our legitimate interests require

9.2 Specific Retention Periods

Active Accounts:

• Account information: While account is active
• Artwork and exhibition content: While published
• Communication history: Last 3 years
• Technical logs: 12 months
• Analytics data: 24 months (anonymized)

Closed Accounts:

• Personal data: Deleted within 30 days after account closure
• Legal obligations: Records required for tax, accounting and legal requirements for statutory periods (generally 10 years)
• Anonymous statistics: Indefinitely (contains no personal identifiers)

Paid Services:

• Invoice and payment records: 10 years as per tax legislation
• Subscription history: 5 years

Communication and Support:

• Customer support requests: 3 years after resolution
• Complaint records: 6 years as per consumer legislation

Security and Compliance:

• Fraud reports: 5 years
• Security logs: 2 years
• Legal dispute records: Duration of case + 10 years

9.3 Deletion and Anonymization

When the retention period expires:

• Data is securely deleted
• Irreversibly anonymized
• Cleared from backup systems

Anonymous data for statistical purposes may be retained indefinitely.

10. Data Security

10.1 Technical Measures

Encryption:

• SSL/TLS data transmission
• Database encryption
• Password hashing (bcrypt/argon2)
• Payment information tokenization

Access Control:

• Multi-factor authentication (2FA)
• Role-based authorization
• IP restrictions
• Session management and timeout

Infrastructure Security:

• Firewalls
• DDoS protection
• Intrusion detection systems (IDS)
• Regular security patches
• Backup and disaster recovery plans

Application Security:

• Secure coding standards
• XSS and SQL injection protection
• CSRF token usage
• File upload validations
• Rate limiting and abuse prevention

10.2 Administrative and Organizational Measures

Personnel Security:

• Non-disclosure agreements (NDA)
• Data protection training
• Limited access policies
• Segregation of duties

Process Security:

• Security policies and procedures
• Incident response plans
• Regular risk assessments
• Vendor security audits
• Compliance checks

Audit and Monitoring:

• System activity logs
• Abnormal behavior detection
• Regular security scans
• Penetration testing (annually)
• Independent security audits

10.3 User Responsibilities

Password Security:

• Create strong passwords (at least 8 characters, upper/lowercase, numbers, symbols)
• Never share your password
• Don't use the same password across different platforms
• Change your password immediately if you detect suspicious activity

Account Security:

• Enable 2FA
• Log in from trusted devices
• Log out of sessions regularly
• Keep your email address current
• Be aware of suspicious emails (phishing)

10.4 Security Breach Notification

If we detect a security breach that may affect your personal data, we will notify:

• The Personal Data Protection Authority (within 72 hours) as required by KVKK
• Affected users (without undue delay)

The notification will include:

• Type and scope of breach
• Affected data categories
• Measures taken
• Recommended protective steps

10.5 Limitations

Absolute security of data transmitted over the Internet cannot be guaranteed. Although we take the best security measures:

• Zero risk is impossible
• Third-party risks exist
• User error risks are present

All data transmission is at your own risk; we strive to provide reasonable security standards.

11. Your Rights (KVKK and GDPR)

11.1 General Rights

Under Turkish Personal Data Protection Law No. 6698 (KVKK) and the EU General Data Protection Regulation (GDPR), you have the following rights:

1. Right to Information

• Learn whether your personal data is being processed
• Request information about such processing if it is

2. Right of Access

• Access your personal data
• Learn about processing purposes and methods
• Know the third parties with whom data is shared
• Request a free copy (first request)

3. Right to Rectification

• Request correction of incomplete or inaccurate data
• Request updating of outdated information

4. Right to Erasure ("Right to be Forgotten") You can request deletion of your data if:

• The processing purpose no longer exists
• You have withdrawn your consent
• Data was processed unlawfully
• A legal obligation requires it

5. Right to Restriction

• When you contest data accuracy (during verification)
• If processing is unlawful but you don't want deletion
• When we no longer need it but you need it for legal claims
• If you have objected (during legitimate interest assessment)

6. Right to Data Portability

• Receive your data in a structured, commonly used, machine-readable format
• Transmit this data to another data controller
• (Applies only to automated processing and consent/contract basis)

7. Right to Object

• Object to processing based on legitimate interest
• Stop processing for direct marketing
• Object to profiling and automated decision-making

8. Right to Object to Automated Decision-Making and Profiling

• Not be subject to decisions based solely on automated processing
• Object to profiling activities

9. Right to Withdraw Consent

• Withdraw your consent at any time for consent-based processing
• (Does not affect the lawfulness of prior processing)

10. Right to Lodge a Complaint

• Apply to the Personal Data Protection Authority
• Lodge a complaint with your local data protection authority
• Seek judicial remedy

11.2 Opting Out of Marketing Communications

Email Marketing:

• "Unsubscribe" link at the bottom of each email
• Account settings > Notifications > Email Preferences
• For complete opt-out: "Stop All Emails"

SMS Marketing:

• Reply with "CANCEL"
• Account settings
• Contact us directly

Push Notifications:

• Mobile app > Settings > Notifications
• iOS: Settings > Collecist > Notifications
• Android: Settings > Apps > Collecist > Notifications

In-Platform Notifications:

• Profile > Settings > Notification Preferences
• Adjustable for each category separately

Note: Transactional and security messages (password reset, security alerts, etc.) are not marketing and you cannot opt out of them.

11.3 Opting Out of Cookies

Browser Settings:

• Chrome, Firefox, Safari, etc. cookie management from settings
• Delete or block all cookies

Collecist Cookie Preferences:

• www.collecist.com/cookie-settings
• Separate preference for each cookie category

Third-Party Cookies:

• Google Analytics: https://tools.google.com/dlpage/gaoptout
• Facebook Pixel: Facebook ad settings
• Relevant third party's opt-out page

11.4 Rights Exercise Process

Application Methods:

1. Email: privacy@collecist.com
2. Written Application:

3.     İzlence Bilişim Yazılım A.Ş. Personal Data Protection Unit Esenşehir, Kürkçüler Cd. No:94 34776 Dudullu OSB/Ümraniye/İstanbul, Turkey

3. KEP Address: [KEP address to be added]
4. Collecist Application Form: www.collecist.com/data-request

Requirements for Application:

• First name, last name
• Turkish ID number or passport/foreign ID number
• Postal address
• Contact information (email, phone)
• Request subject (which right you wish to exercise)
• Identity verification document (signed petition + ID copy or e-Government approved document)

Response Time:

• Within 30 days from receipt of your application
• If additional time needed: Can be extended by 30 days (you'll be informed with justification)

Fees:

• First access request is free
• Repeated or excessive requests: According to fee schedule determined by the Personal Data Protection Authority

Identity Verification: For security purposes, we may need to verify your identity:

• Official ID document copy
• Two-factor authentication
• Account verification questions
• E-signature or mobile signature

Third-Party Applications: If applying through a representative:

• Notarized power of attorney
• Representative's ID document
• Data subject's signed consent document

11.5 Limitations and Exceptions

Your rights may be limited in the following cases:

• National security and public safety
• Crime investigation and prosecution
• Judicial proceedings
• Protection of others' rights and freedoms
• Protection of intellectual and industrial property rights
• Legal retention obligations (tax, commercial law, etc.)

In such cases, we may refuse your request with justification.

12. Users Under 16

12.1 Age Restriction

The Collecist Platform is intended for users aged 16 and above. We do not knowingly collect personal data from children under 16.

12.2 Parent/Guardian Responsibility

If you become aware that a child under 16 is using our Platform:

• Immediately notify privacy@collecist.com
• Account will be closed and data deleted

If you are a parent or guardian, it is your responsibility to monitor your child's internet activities.

12.3 Special Protection

If a user under 16 is detected:

• Account is immediately suspended
• All personal data is deleted
• Relevant parties are notified
• Incident is recorded (to prevent new registration)

13. Payment and Financial Information

13.1 Payment Processing

Collecist does not store credit card information. All payment transactions are:

• PCI-DSS certified third-party payment processors
• (Stripe, PayTR, Iyzico, etc.)

Securely processed through these providers.

13.2 Payment Information We Store

We only store the following limited information:

• Transaction ID
• Transaction status (successful/failed)
• Transaction amount and currency
• Transaction date
• Card last 4 digits (optional, for identification purposes)
• Payment method type (credit card, bank transfer, etc.)

13.3 Invoice Information

For paid services:

• Invoice name and address
• Tax ID number (for corporate)
• E-invoice/e-archive information

Retained for 10 years as per tax legislation.

13.4 Subscription Management

Stored for tracking:

• Your subscription plan and status
• Renewal dates
• Usage history
• Cancellation and refund requests

13.5 Fraud Prevention

To prevent payment fraud, we may analyze:

• IP address
• Device fingerprint
• Transaction history
• Suspicious activity markers

14. Third-Party Links and Integrations

14.1 External Websites

Third-party websites accessible from the Platform (artist personal sites, gallery sites, social media, etc.):

• Are subject to their own privacy policies
• Are outside Collecist's control
• We accept no responsibility for these sites

Our recommendation: Read the relevant privacy policies before submitting data to third-party sites.

14.2 Social Media Integrations

Social Login:

• Login with Facebook, Google, Apple accounts
• Profile information you permit is shared
• Social media platform's policy applies

Share Buttons:

• When you use "Share" buttons
• The relevant social media platform may collect information
• May use cookies and tracking technologies

Social Media Feeds:

• Instagram, Twitter feeds
• Through third-party APIs
• Relevant platform's terms apply

14.3 Analytics and Measurement Tools

Third-Party Services We Use:

• Google Analytics: Web traffic analysis
• Google Tag Manager: Tag management
• Facebook Pixel: Advertising performance
• Hotjar: User behavior heatmaps
• Mixpanel: Product analytics

Each has its own privacy policy. For details:

• Google: https://policies.google.com/privacy
• Facebook: https://www.facebook.com/privacy
• Hotjar: https://www.hotjar.com/legal/policies/privacy

14.4 Opt-Out Options

To opt out of third-party tracking:

• Google Analytics: https://tools.google.com/dlpage/gaoptout
• Facebook Pixel: Facebook ad settings
• Browser Extensions: Ghostery, Privacy Badger
• Do Not Track (DNT): From browser settings

14.5 APIs and Integrations

The Platform may offer integrations for artists and galleries with:

• E-commerce platforms (WooCommerce, Shopify)
• Inventory management systems
• CRM tools

In this case:

• Limited data shared with your permission
• Integration control is yours
• Third party's policy applies

15. Communication Preferences and Notifications

15.1 Types of Communication

Transactional Communications (Cannot Opt-Out):

• Account verification and security
• Password reset
• Order and invoice notifications
• Important service updates
• Legal notices and terms changes
• Critical security alerts

Platform Activity Notifications (Adjustable):

• New message and offer notifications
• Artwork like and comment notifications
• Follower activities
• Exhibition updates

Marketing Communications (Consent-Based):

• Weekly/monthly newsletters
• New feature announcements
• Special campaigns and discounts
• Event invitations
• Curatorial recommendations
• Personalized artwork suggestions

15.2 Preference Management

Email Preferences:

• Account settings > Notifications > Email Preferences
• "Manage Preferences" link at bottom of each email
• "Stop All Emails" for complete unsubscribe

SMS Preferences:

• Account settings > Notifications > SMS Preferences
• Quick exit by replying "CANCEL"

Push Notification Preferences:

• Mobile app > Settings > Notifications
• iOS: Settings > Collecist > Notifications
• Android: Settings > Apps > Collecist > Notifications

In-Platform Notifications:

• Profile > Settings > Notification Preferences
• Adjustable separately for each category

15.3 Communication Frequency

• Newsletters: Maximum weekly 1
• Campaign Emails: Maximum monthly 4
• Product Updates: As needed
• SMS: Only for critical notifications

15.4 Personalization

We personalize our communications based on your interests:

• Artists you follow
• Artwork types you like
• Your browsing history
• Your location information (with permission)

Disable Personalization: Account settings > Privacy > Disable "Personalized Content" option.

16. Policy Changes

16.1 Update Process

This Privacy Policy may be updated from time to time. Reasons for changes:

• Legal requirements
• New features and services
• Business model changes
• Security improvements
• User feedback

16.2 Notification Methods

Minor Changes:

• Publication on website
• Change in "Last Updated" date
• In-platform notification

Significant Changes:

• Email notification (to all registered users)
• In-platform pop-up notification
• SMS notification (for critical changes)
• At least 30 days advance notice

16.3 Effective Date

• Updated policy takes effect when published on the website
• For significant changes: 30 days after notification
• Continuing to use the Platform = Accepting the changes

16.4 Non-Acceptance

If you do not accept the changes:

• You can close your account
• You can request deletion of your personal data
• You can communicate your objection via privacy@collecist.com

16.5 Previous Versions

To view previous policy versions:

• www.collecist.com/privacy-policy/history
• Request to privacy@collecist.com

17. Special Circumstances and Additional Information

17.1 Artwork Provenance and Authentication

For artworks displayed on the Platform:

• Provenance (origin) information
• Authenticity certificates
• Valuation reports
• Ownership history

Are provided by users and content responsibility lies with them. Collecist does not guarantee the accuracy of this information.

17.2 International Sales and Customs

For cross-border artwork transactions:

• Customs declarations
• Export/import licenses
• Tax documents
• Cultural property permits

Are the responsibility of buyer and seller. Collecist is not involved in these processes.

17.3 Cultural Heritage and Sensitive Artworks

The following are strictly prohibited on the Platform:

• Illegal trade in cultural property
• UNESCO protected works
• Unethically sourced artworks

Report suspicious situations immediately: report@collecist.com

17.4 Insurance and Liability

Collecist assumes no responsibility for:

• Artwork damage
• Loss or theft
• Transportation accidents
• Value depreciation

Artists and collectors are advised to obtain appropriate insurance.

17.5 Dispute Resolution

For disputes regarding data protection:

1. First contact us
2. Expect response within 30 days
3. If unsatisfied:
• Apply to Personal Data Protection Authority
• Consider mediation processes
• Pursue legal remedies

18. Regional Compliance and Special Rights

18.1 Turkey (KVKK)

Under KVKK Law No. 6698:

• Data controller: İzlence Bilişim Ltd. Şti.
• VERBİS registration: [Registration number to be added]
• Data Protection Authority application: https://www.kvkk.gov.tr

Special Rights:

• Withdraw explicit consent
• Access data processing inventory
• Apply to data controller (Article 13)

18.2 European Union (GDPR)

Additional rights for EU/EEA citizens:

• Right to data portability
• Right to restriction of processing
• Object to automated decision-making
• Our representative in EU: [Information to be added]

EU Supervisory Authorities: Each EU member state has its own data protection authority. List: https://edpb.europa.eu

18.3 California (CCPA/CPRA)

For California residents:

• Right to Know: Data collected in last 12 months
• Right to Delete: Except exceptions
• Right to Opt-Out of Sale: "Do not sell my personal information"
• Non-Discrimination: For exercising rights

Note: Collecist does not sell personal information.

18.4 Other Regions

Brazil (LGPD):

• ANPD applications
• Our representative in Brazil: [Information to be added]

Canada (PIPEDA):

• Privacy Commissioner applications
• Our representative in Canada: [Information to be added]

19. Contact and Support

19.1 Data Protection Contact

General Questions:

• Email: privacy@collecist.com
• Phone: +90 216 420 0056 (Ext: 101)
• Online Form: www.collecist.com/contact

KVKK Applications:

• Email: kvkk@collecist.com
• Application Form: www.collecist.com/data-request
• KEP: [KEP address to be added]
• Written Application:

  İzlence Bilişim Yazılım A.Ş.

  Personal Data Protection Unit

  Esenşehir, Kürkçüler Cd. No:94

  34776 Dudullu OSB/Ümraniye/İstanbul, Turkey

Security Incidents:

• Email: security@collecist.com
• Emergency Line: +90 216 420 0056 (24/7)

Content Complaints:

• Email: report@collecist.com
• In-Platform: "Report" button

19.2 Customer Support

General Support:

• Email: support@collecist.com
• Live Chat: www.collecist.com (bottom right corner)
• Phone: +90 216 420 0056
• WhatsApp: [Number to be added]

Business Hours:

• Weekdays: 09:00 - 18:00 (GMT+3)
• Weekends: Closed
• Public Holidays: Closed

Response Times:

• Email: 24-48 hours
• Live Chat: Immediate
• Phone: Immediate
• KVKK Applications: 30 days

19.3 Language Support

• Turkish (primary language)
• English
• Other languages: Upon request

19.4 Feedback

We welcome your suggestions to improve our privacy policy:

• feedback@collecist.com
• In-platform surveys
• User forums

20. Additional Resources

20.1 Related Documents

• Terms of Service: www.collecist.com/terms
• Cookie Policy: www.collecist.com/cookie-policy
• KVKK Information Notice: www.collecist.com/kvkk-notice
• Data Processing Agreement: Upon request

20.2 External Resources

Turkey:

• Personal Data Protection Authority: https://www.kvkk.gov.tr
• KVKK Application: https://www.kvkk.gov.tr/Icerik/6756/Application-Form

European Union:

• European Data Protection Board: https://edpb.europa.eu
• GDPR Full Text: https://gdpr.eu

General:

• Data Protection Rights: www.collecist.com/data-protection-guide
• Safe Internet Usage: www.guvenliweb.org.tr

20.3 Educational Materials

• Video Guides: www.collecist.com/privacy-guide
• FAQ: www.collecist.com/faq#privacy
• Blog Posts: blog.collecist.com/category/privacy

Final Notes

This Privacy Policy reflects our commitment as Collecist to your privacy and our dedication to transparency.

Important Reminder: Collecist is an art portfolio promotion and exhibition platform; we are not intermediaries in artwork sales and do not charge commissions. Sales processes occur directly between artists/galleries and collectors.

Please don't hesitate to contact us with any questions or concerns.

Sincerely, The Collecist Team İzlence Bilişim Yazılım Elektronik Sanayi ve Ticaret Limited Şirketi

Last Updated: December 30, 2025 Effective Date: December 30, 2025 Version: 2.0