Privacy Policy (GDPR)

1. Data Controller

At Grup BMA (hereinafter "Company" or "Bema"), we place the highest priority on the security and lawful processing of your personal data in accordance with the Personal Data Protection Law and GDPR.

2. Purpose of Processing Personal Data

Your personal data (identity, contact, transaction security information) shared with us via the Bema AI assistant and portal ("Platform") is processed for the following purposes:

• Establishment and performance of the contract (Account creation),
• Provision of AI services offered via the Platform (sales assistance, data analysis, etc.),
• Execution of information security processes,
• Fulfillment of our legal obligations.

3. Transfer of Processed Personal Data

As a rule, your personal data is not shared with third parties. However, it may be transferred to our domestic or international suppliers from whom we receive cloud infrastructure services (hosting, database - Supabase/Railway) to perform the service, with necessary technical/administrative measures taken.

4. Method and Legal Reason for Collecting Personal Data

Your personal data is obtained automatically when you register on the Platform, configure integration settings, or fill out contact forms. This process is based on the legal reasons of contract performance and the legitimate interest of the data controller.

5. Rights of the Data Subject

To exercise your rights regarding your personal data and to get information, you can contact us at info@grupbma.com.tr. Your requests will be finalized within legal time limits.