·
Giriş
Maximum Trade

Privacy Policy

Last updated: 23 April 2026

At Maksimum B2B ("Platform", "we"), we respect the privacy of our users' personal data under GDPR and Turkish Data Protection Law (KVKK). This Privacy Policy explains what data we collect, why, on what legal basis, and your rights.

1. Data We Collect

  • Account data: name, email, phone, company, tax ID, trade registry, billing address.
  • Transaction data: orders placed, payments, shipment status, IP address, session logs.
  • Technical data: browser type, device info, cookies, page visit history, click behavior.
  • Communication data: WhatsApp messages, support tickets, email correspondence.

2. Purpose of Collection

  • Managing orders and contracts (login, quote, purchase, shipment, invoice).
  • Fulfilling customs, accounting, and legal obligations (e-invoice, export declarations).
  • Improving service quality, developing UI, detecting security vulnerabilities.
  • Marketing communication (newsletter, campaigns, product recommendations) — only with explicit consent.

3. Legal Basis (GDPR Art.6 / KVKK Art.5)

  • Performance of a contract (data necessary for order flow).
  • Legal obligations (tax, customs, e-commerce regulations).
  • Legitimate interest (fraud prevention, system security, performance analytics).
  • Explicit consent (marketing, analytics cookies, third-party ads).

4. Sharing Data

  • With suppliers: the manufacturing company sees delivery address and product info for your order.
  • With logistics & customs brokers: minimum data needed for container tracking and export docs.
  • Payment processors: PCI-DSS certified providers like Iyzico, PayTR.
  • Authorized public bodies: only on legal request and to the extent required.
  • We do not sell your data to third parties for marketing.

5. Data Retention

  • Invoices and commercial documents: 10 years (per Turkish Commercial Code).
  • Contract-related data: 10 years from termination.
  • Marketing data: until consent is withdrawn or after 3 years of no engagement.
  • Technical logs: 1 year.

6. Cookies

  • Essential cookies: session, cart, security — cannot be refused.
  • Analytics cookies (Google Analytics): visitor counts and usage stats.
  • Marketing cookies (Meta Pixel, Google Ads): ad personalization.
  • See our Cookie Policy for details.

7. Your Rights (GDPR Art.15-22 / KVKK Art.11)

  • Right to access, rectify, delete, and transfer your personal data.
  • Right to restrict or object to processing.
  • Right to withdraw consent at any time (marketing communication, etc.).
  • For requests: privacy@maximumtrade.com — we respond within 30 days.

8. Security

  • All traffic encrypted with TLS 1.3. Passwords hashed with bcrypt (cost 12).
  • Credit card data is NEVER stored on our servers — sent directly to PCI-DSS certified processors.
  • Admin panel requires 2FA and IP-based access restriction.
  • Daily backups encrypted with AES-256, stored in the European region.

9. International Data Transfer

  • Your data is kept primarily in Turkey (Kurtuluş Data Center).
  • When foreign infrastructure (AWS/Google) is used, GDPR "Standard Contractual Clauses" apply.
  • Explicit consent may be requested for transfers abroad (KVKK Art.9).

10. Policy Updates

  • We may update this policy. Material changes are notified by email.
  • The last update date is shown at the top of this page.