1. INTRODUCTION
1.1. This Privacy Policy (“Policy”) is prepared by L2C Coaching and Consulting Trade Limited Company (“L2C” or “Company”) to outline the principles and procedures concerning the collection, processing, storage, and transfer of personal data in connection with any product and/or service (“Service”) provided by the Company. This Policy has been prepared in compliance with the Personal Data Protection Law No. 6698 (“KVKK”) and other relevant regulations, including the General Data Protection Regulation (“GDPR”), applicable in cases where GDPR applies, ensuring adherence to the obligations and principles set forth by such regulations.
1.2. Regarding the personal data processed during the activities specified in this Policy, the Data Controller is L2C Coaching and Consulting Trade Limited Company, registered under the Turkish Commercial Code and relevant legislation. L2C commits to conducting data processing activities in compliance with KVKK and GDPR, adopting the necessary technical and administrative measures to ensure the security of your personal data as required by applicable regulations.
1.3. This Policy applies to all personal data collected and processed by L2C through physical and digital channels. This includes, but is not limited to, the Platform (mobile or desktop applications, website, etc.), other channels managed by L2C (customer support hotline, email, face-to-face meetings, etc.), and areas integrated with third-party service providers (e.g., payment infrastructures, video conferencing applications).
1.4. The personal data referred to in this Policy may include data belonging to Coaching Provider Users, Coaching Recipient Users, potential users, business partners, supplier representatives, employee candidates, and visitors, covering all real persons interacting with L2C.
1.5. This Policy establishes the general principles of the data processing activities carried out by L2C. In mandatory cases, additional details may be provided through supplementary clarification texts, explicit consent forms, or contractual arrangements.
1.6. L2C reserves the right to amend and update this Policy at any time due to technical and administrative needs, legal regulations, or changes in operational processes.
1.7. The updated Policy will come into effect upon publication on the Platform, the Company’s official website, or the Application, and users will be notified in accordance with the method determined by L2C.
1.8. By continuing to use the Platform or L2C’s services, users are deemed to have accepted any updates made to this Policy.
2. PLATFORM / APPLICATION
2.1. This Policy applies to data processing activities related to the use of all Software developed or owned/controlled by L2C, including code, web-based services, mobile or desktop applications, cloud solutions, and other digital tools within this scope. The Policy encompasses the following data processing activities:
- 2.1.1. Use of Platform and Application: This includes all operations related to the use of L2C’s coaching services and subscription model via mobile or desktop applications and web-based interfaces. The term “Service” refers to the functionalities, tools, and additional benefits provided as part of the aforementioned Software.
- 2.1.2. Website Visits: This includes accessing websites owned or managed by L2C, viewing and using the resources available on these websites (e.g., text, visuals, documents, etc.).
- 2.1.3. Communication/Interaction with L2C: This includes interactions between users, potential users, or other related individuals with L2C via email, phone, face-to-face meetings, or similar channels.
2.2. This Policy does not cover the data processing activities of third parties (e.g., other companies or individuals offering products, services, websites, resources, or similar activities). L2C is not responsible for the policies and conditions of third-party applications or websites connected to the Platform via links or user-initiated integrations. Users are advised to review the policies and terms of such third parties.
2.3. The term “Personal Data” referred to in this Policy means any information relating to an identified or identifiable natural person (as defined under Article 3 of KVKK or Article 4(1) of GDPR as “any information relating to an identified or identifiable natural person”). Anonymous or anonymized information that cannot be linked to any real person is outside the scope of this Policy.
2.4. This Policy, together with other published or publishable clarification texts, terms of use, privacy policies, and agreements by L2C, forms an integral whole. The purpose of this Policy is not to override or invalidate such documents but to establish a general framework for data protection. Accordingly, specific or detailed matters regarding data processing should be interpreted in conjunction with the other applicable terms.
2.5. L2C may optionally provide an AI-driven mentoring or guidance feature within the Platform. Users opting into “AI Mentoring” acknowledge that certain data may be shared with or processed by the Third-Party AI Mentoring Partner in accordance with their terms and policies.
3. DATA CONTROLLER
3.1. L2C Coaching and Consultancy Trade Limited Company (L2C) is registered under the MERSİS number 0607083657000001, with the tax registration number 6070836570 at Sultanbeyli Tax Office, and its headquarters located at Fatih Mah. Selahaddin Eyyubi Cad. No: 8AE, İç Kapı No: 28, Sancaktepe/Istanbul. It can be reached through the contact number or via electronic communication at www.link2coaching.com and info@link2coaching.com
3.2. L2C collects, stores, and processes certain personal data to manage, develop, maintain the technical infrastructure of the Platform (including mobile and desktop applications, web interfaces, etc.), and facilitate communication with its users. In this framework:
- 3.2.1. L2C may also manage the personal data that users (Coaches / Coachees) transmit to one another during their interactions on the Platform. In this case, L2C technically acts as a data processor, while the respective Coaches or Users may independently qualify as data controllers or processors.
- 3.2.2. L2C does not directly manage or control private messages, images, or information shared between users. These are shared at the discretion of the users, while L2C ensures their secure storage, transmission, and protection within its technical infrastructure.
3.3. In interactions such as consultations, messages, or calendar bookings between a Coach and Coachee, both parties may occasionally assume the role of data controllers. For instance, if a Coach creates their own client database and processes Coachee data for a different purpose, responsibility for this data lies with the relevant Coach.
3.4. L2C acts solely as an intermediary service provider in such interactions and is not responsible for any legal obligations arising from user activities, such as storing data in different environments or sharing them.
3.5. Users are responsible for processing the personal data they access via the Platform (e.g., other users’ contact details) strictly in compliance with the law and within the boundaries defined by KVKK, GDPR, and similar regulations.
3.6. L2C may collaborate with domestic or international sub-processors for service development, technical support, customer service, hosting, security, or similar activities. These sub-processors are authorized exclusively to process data on behalf of L2C and within the defined purposes and instructions.
3.7. While selecting and contracting with its sub-processors, L2C transfers the necessary data protection obligations under applicable laws and ensures adequate technical and administrative measures are in place.
3.8. L2C transparently informs users about the sub-processors it works with, as specified or upon request.
3.9. L2C adheres to lawful and ethical practices in its data processing activities, ensuring the security of personal data through technical and administrative measures.
3.10. Platform users are obligated to process personal data obtained under KVKK, GDPR, or other applicable legislation in compliance with the law, adhering to the purpose and proportionality principles. Otherwise, L2C cannot be held liable for any legal violations, unauthorized sharing, or similar incidents that may arise.
3.11. L2C commits to conduct its data processing activities responsibly and in compliance with legal frameworks, ensuring the protection of data subject rights, fulfillment of consent and disclosure obligations, and alignment with principles such as continuity, security, and legality.
4. DEFINITIONS
| TERM | DEFINITION |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person. |
| Sensitive Personal Data | Data categories requiring stricter protection under Article 6 of KVKK, such as health information or biometric data. |
| Data Subject | The natural person whose personal data is being processed (user, job applicant, etc.). |
| Explicit Consent | A freely given, specific, informed, and unambiguous indication of a data subject’s agreement to the processing of their personal data for specific purposes. |
| Platform | The system developed by L2C, providing an environment where Coaches and Coachees can interact and exchange services via mobile or desktop applications or web browsers. |
| Service | The term “Service” refers to all services provided under the subscription model through the Platform by L2C. This Service exclusively includes the operations and transactions offered by L2C and confined to the scope of the Platform. Any services provided by L2C outside the Platform are not considered within the scope of this definition. |
| User(s) | Individuals who create an account on the Platform and utilize its services, either as Coaches or Coachees. |
| Coaching Provider (Coach) | A user who provides coaching services on the Platform. |
| Coaching Recipient User (Coachee) | A user who receives coaching services on the Platform. |
| Software | It encompasses all digital infrastructure, codes, programs, modules, algorithms, database queries, interface components, and other software elements developed by or under the ownership/control of L2C. This definition includes all software components necessary for accessing and using the L2C Platform, such as server-side software, mobile or desktop application codes, APIs, feature sets, test scripts, compiled libraries, source code, design templates, and similar technical elements. |
| Subscription | It refers to the subscription model that users obtain in exchange for a specified fee to benefit from the services offered on the Platform. Subscription models may be offered as annual (“Annually”), monthly (“Monthly”), or other specified subscription methods, prices, and terms. The subscription model grants users the right to access the services specified within the scope of the Platform. |
| User Content | It refers to any data, text, visuals, videos, audio recordings, comments, or similar content provided, uploaded, or transmitted by the user to the L2C Platform or Services. The user is solely responsible for the intellectual property rights and legal compliance of such content. |
| KVKK | Refers to the Law No. 6698 on the Protection of Personal Data, which regulates the processing, storage, and sharing of personal data within Turkey. |
| GDPR | Refers to the General Data Protection Regulation (EU 2016/679), which governs the protection of personal data and privacy in the European Economic Area, including cross-border data transfers. |
| Data Processing | Any operation performed on personal data, whether through automated or manual means, including collection, storage, alteration, or deletion. |
| Application/Platform Information | It refers to the private mobile interface or page accessed with a username and password, where the user enters their personal data and other information specific to the application in order to carry out necessary transactions to benefit from the services offered on the L2C Platform. |
| Access Tools | It refers to the security information such as the username, password, PIN, or code used by the user to log into the L2C Platform and/or their account, granting access to the necessary management screens and other protected areas, which are known only to the user. |
| Devices | It refers to all personal or corporate devices, such as phones, tablets, and computers, that the user uses to access the L2C Platform (mobile or desktop applications, web interfaces, etc.). |
| Payment System | It refers to the online infrastructure used for paid services or subscription models offered on the L2C Platform, enabling the user to make payments. This system may work through third-party payment service providers (such as iyzico, paytr, stripe, paypal, etc.) or mobile app stores (e.g., Apple App Store or Google Play Store) under their own terms and conditions, and the user may need to accept the terms and conditions of these third-party services. |
| Application Store(s) | It refers to third-party platforms such as the Apple App Store, Google Play Store, or similar platforms through which mobile applications can be downloaded and updated; the user can obtain the L2C Platform from these stores and accepts that they are subject to the terms, usage conditions, pricing policies, and other regulations of these stores. |
| Third-Party Ads | It refers to marketing, advertising, promotional, or informational content owned by companies or individuals other than L2C that is displayed, linked, or shared through the L2C Platform or via the Platform. These advertisements are not under the control of L2C, and responsibility for content, accuracy, reliability, timeliness, and similar matters lies with the third party that presents the advertisement. |
| Third-Party Applications | It refers to independent software and services that can work in integration with the L2C Platform or that users can access and use through the Platform. The development, management, and responsibility of these applications lie entirely with the relevant third parties; when the user chooses to use such applications, they accept that they are subject to the terms and policies of the third-party provider. |
| AI Mentoring | Refers to the optional mentoring, guidance, or suggestion feature (the “AI Mentoring”) integrated into the L2C Platform and powered by a third-party provider. This service may involve automated responses, personalized suggestions, or analytics derived from artificial intelligence tools. All content, data processing, and confidentiality related to AI Mentoring shall be subject to both L2C’s and the third-party provider’s policies, and the User is responsible for reviewing the applicable terms. |
| Third-Party AI Mentoring Partner | Refers to the external entity or partner that supplies the AI-driven functionality (such as chatbots, predictive analytics, or other artificial intelligence tools) integrated with the L2C Platform. This partner has its own privacy/cookie policies and may collect or process data independently of L2C. |
5. COLLECTED PERSONAL DATA, METHODS, AND PURPOSES
5.1. L2C collects and processes personal data from Coaching Providers (Coaches), Coaching Clients (Coachees), potential users, suppliers, business partners, job applicants, and similar stakeholders interacting with us through the Platform, application, website, third-party service integrations, or physical channels as described below. The type of personal data processed varies depending on your role (Coach, Coachee, etc.), interaction level, and usage patterns within the Platform. The tables and descriptions below summarize the main data categories, examples of data, and the purposes for which the data is collected.
5.2. Health-related, biometric, or other sensitive data is processed only with explicit consent or when a legal basis exists for such processing. For example, sensitive data disclosed voluntarily by users during coaching sessions (e.g., health status, psychological assessments) is processed under the safeguards outlined in Article 6 of KVKK.
5.3. In some cases (e.g., profile photos, social media links, areas of expertise), sharing personal information is optional. Users can choose whether or not to share such details, but it’s important to note that withholding this information may affect the quality or functionality of the services.
5.4. When working with third-party services such as payment infrastructure, messaging modules, or analytics tools, personal data may be transferred to the necessary service providers in compliance with L2C’s instructions and legal regulations. Such transfers are conducted at a minimum level and processed according to applicable data protection frameworks.
5.5. Certain user data, such as publicly accessible social media profiles or data linked to third-party systems (e.g., LinkedIn, email verification services), may be retrieved or shared with the consent of the user. Users can revoke such integrations or connections at any time.
5.6. Identification Data and Contact Information
| Data Category | Data | Collected From | Method | Purposes |
|---|---|---|---|---|
| Identification Data | Name, surname, T.C. ID number, date of birth, nationality, gender, etc. | Coaching Providers, Coaching Recipients, All Users | Platform membership form (digital); Physical or digital signing | Contracting, membership registration, or providing/receiving services; Identification and security; Legal obligations fulfillment (e.g., invoice issuance, payroll) |
| Contact Data | Email address, phone number, address, etc. | All users, potential users | Platform membership/account screens; Contact forms (web/app) | Access to services and account management; User support, notifications, and operational communications; Offers and informational communications; Legal notices and official correspondence |
5.7. Account and Profile Data
| Data Category | Data | Collected From | Method | Purposes |
|---|---|---|---|---|
| Account Creation Data | User name, password, access to the system codes, profile photo (optional), profession, work schedule (e.g., availability hours) | Coaching Providers, Coaching Recipients, Potential Users | Platform registration screen (mobile/web); Profile settings (in-app) | Registering on the platform and enabling access and security; Identifying the coaching role; Matching algorithms (e.g., suitable calendar intervals) |
| Profile Information and Additional Information | Coaching certificates, resume, biography, social media account links, professional expertise, requests | Coaching Providers, any Coaching Recipients requesting | Profile management page (app/web); Optional connection/integration through social media accounts (if applicable) | Improving service quality, ensuring matching; Verifying expertise of coaching providers; Profile management aimed at enhancing user satisfaction |
| AI Mentoring Interaction Data | Chat inputs, user profile context, usage patterns | Users who opt in / use AI Mentoring | Real-time or stored interactions processed by the AI Mentoring module | Providing automated suggestions, personalized analytics, and guidance |
5.8. Usage Data
| Data Category | Data | Collected From | Method | Purposes |
|---|---|---|---|---|
| Session and Access Data | IP address, browser details, device type, operating system, cookie data, time spent on the app, login/logout times, etc. | All Users | Automatically collected log data during web/mobile app visits (e.g., Google Analytics); Cookies/User Tracking (analytics tools, Google Analytics, etc.) | Ensuring the secure and error-free operation of the Platform; Performance and traffic analysis; Application optimization; Identifying and resolving technical issues; Preventing misuse, fraudulent actions, and illegal activities |
| In-Platform Behavior | Navigation within app menus, clicked links, coach search preferences, reserved coaching sessions, message frequency, types of shared content, etc. | All Users | Usage statistics within the app; Automatic event logs (e.g., “button clicked,” “session reserved”) | Improving and personalizing user experience; Running automated or recommendation-based matching algorithms (e.g., language, expertise, calendar suitability); Generating app usage statistics; Analyzing marketing and advertising efficiency |
| Session Log | Meta data such as the date, time, duration, participant details, and notes from coaching sessions. | Coaches, Coachees, Users | Session planning and approval via the coaching calendar; Automated logs (e.g., session duration, participant IDs) | Monitoring and scheduling coaching sessions; Measuring service quality and user satisfaction; Maintaining records for legal and contractual compliance (e.g., evidence, subscription tracking) |
5.9. Messaging and Content Sharing Data
| Data Category | Data | Collected From | Method | Purposes |
|---|---|---|---|---|
| Message Content | Platform-based communications, such as chats between Coaching Provider and Coaching Recipient, messages from contact forms, file shares, etc. | Coaching Provider, Coaching Recipient, User | In-app chat or private messaging module; Contact forms (web/app); Messages received via email or support channels integrated with the application | Enabling communication within the application; Monitoring the coaching process and maintaining records for documentation purposes (user consent or legal requirement, if applicable); Evidentiary records in case of disputes |
| Shared Files and Media | Documents like images, audio recordings, video recordings, PDFs, Word files, Excel files, etc. | All Users | In-app file upload module; Email or additional file transfer through support channels | Sharing materials required for coaching sessions or preliminary meetings; Improving user experience (e.g., assignments, mentoring materials) |
5.10. Payment and Financial Data
| Data Category | Data | Collected From | Method | Purposes |
|---|---|---|---|---|
| Payment Information | Partial credit or debit card numbers, payment date, billing address, transaction ID, subscription plan details, etc. | All users making subscription payments | Mobile app store payments (Apple Store, Google Play, etc.); Credit card payment forms (third-party infrastructure) | Collecting subscription fees or coaching service charges; Issuing invoices, legal accounting, and taxation; Dispute resolution |
| Third-Party Payment Systems | Transaction data processed via iyzico, PayTR, Stripe, PayPal, etc. | Users making subscription payments | Integration with external payment providers; Redirecting users to third-party pages (SSL, etc.) | Integration with external service providers; Secure and fast payment transactions; Fraud prevention and auditing |
5.11. Data Specific to Coaching Processes
| Data Category | Data | Collected From | Method | Purposes |
|---|---|---|---|---|
| Coaching Session Data | Session topic, coaching goals, feedback, coach evaluations, Peer Coaching notes, calendar reservations, etc. | Coach, Coachee | In-app calendar/reservation module; Post-session surveys / automated feedback forms | Measuring coaching service quality; User satisfaction surveys; Statistical analysis and reporting |
| Peer Coaching Data | Information from chemistry (introduction) sessions, status of completion of 4 sessions, ICF evaluation, etc. | Coach, Coachee | Automatic system logs (recording the status after each session); ICF-based survey or evaluation tools (in-app) | Ensuring the functionality of the Peer Coaching system (e.g., record of 1 Chemistry + 3 coaching sessions); Tracking certification registration processes when necessary |
6. LEGAL GROUNDS FOR THE PROCESSING OF PERSONAL DATA
6.1. Personal data processed within the scope of the services provided by L2C are handled in accordance with the relevant provisions of the Constitution of the Republic of Turkey, Law No. 6698 on the Protection of Personal Data (KVKK), Law No. 6563 on the Regulation of Electronic Commerce, Turkish Penal Code, and other applicable legislation. When the application area is within the European Union or when cross-border data transfer is concerned, the General Data Protection Regulation (GDPR) of the European Union is also considered.
6.2. The Establishment and Fulfillment of Contracts: The fundamental legal basis for the processing of personal data is directly related to the establishment or fulfillment of contracts, in line with KVKK art. 5/2(c) and GDPR art. 6(1)(b). Activities such as using the Platform or the Application, purchasing subscriptions, or matching Coaches and Coachees fall under this scope, and the processing of personal data for these purposes may be carried out without the need for explicit consent as part of our contractual obligations.
6.3. Legitimate Interest: Certain data processing activities are conducted based on the legitimate interests of L2C, pursuant to KVKK art. 5/2(f) and GDPR art. 6(1)(f), ensuring that fundamental rights and freedoms are not infringed. For instance, purposes like improving application performance, preventing fraud and misuse, enhancing user experience, generating corporate reports, ensuring continuity, and maintaining security may fall under this scope. Such processing is always carried out in a way that prioritizes data minimization and the interests of data subjects.
6.4. Compliance with Legal Obligations: In cases where data processing is necessary for compliance with legal obligations, such as requests from official institutions, this is conducted under KVKK art. 5/2(ç) and GDPR art. 6(1)(c). For example, processing may include fulfilling legal obligations arising from court orders or providing requested data to public authorities in line with applicable laws.
6.5. Explicit Consent: In cases where data processing does not fall under the above-mentioned legal grounds, your data may be processed based on your explicit consent, in accordance with KVKK art. 5/1 and GDPR art. 6(1)(a). For instance, enriching your profile with additional data (documents, photos, projects, etc.) or requesting additional permissions on the platform requires your explicit consent. Giving consent is entirely voluntary, and the absence of consent does not affect your ability to use the core services unless specifically required by law. You may withdraw your consent at any time, and such withdrawal will not affect the lawfulness of processing conducted based on consent before its withdrawal.
6.6. Special Categories of Personal Data: Under KVKK art. 6 and GDPR art. 9, special categories of personal data (e.g., health data, biometric data) are processed only in cases where explicitly permitted by law or based on explicit consent. L2C does not request such sensitive data unless necessary (e.g., sharing health-related information for specific coaching requests). In such cases, explicit consent mechanisms will be activated.
6.7. Other Legal Grounds for Processing: In addition to the above legal grounds, personal data may also be processed under other provisions such as KVKK art. 5 and 6 or GDPR art. 6(1)(d)-(e), for example, in situations of “vital necessity” where the processing of data is required to protect the life or physical integrity of a person or for public interest purposes.
6.8. Furthermore, apart from the processing of data necessary for the establishment or fulfillment of contracts, the provision of any service or product is not conditioned upon the processing of non-essential personal data unless required by another legal provision. If such additional processing is required, your explicit consent will be sought. You may exercise your rights under KVKK art. 11 or GDPR art. 12-21 at any time to withdraw your consent, have your data erased, or anonymized.
| Purpose | Legal Basis | KVKK Basis | GDPR Basis |
|---|---|---|---|
Establishment and Execution of the Contract
| Processing personal data is directly related to the establishment or fulfillment of a contract and does not require explicit consent when necessary. | KVKK Art. 5/2(c): “Directly related to the establishment or fulfillment of a contract.” | GDPR Art. 6(1)(b): “Necessary for the performance of a contract.” |
Legitimate Interest
| Processing activities conducted for the purpose of protecting L2C’s or third-party’s legitimate interests without violating the fundamental rights and freedoms of data subjects and without requiring explicit consent, as long as it does not infringe fundamental rights and freedoms. | KVKK Art. 5/2(f): “Processing is necessary for the legitimate interests of the data controller or a third party.” | GDPR Art. 6(1)(f): “Legitimate interest.” |
Compliance with Legal Obligations
| Data required for fulfilling the legal obligations of L2C or its users under applicable legislation, including official institutional requests and legal proceedings. | KVKK Art. 5/2(ç): “Processing is necessary for compliance with a legal obligation to which the data controller is subject.” | GDPR Art. 6(1)(c): “Compliance with a legal obligation.” |
Explicit Consent
| Personal data requiring explicit consent, including optional profile data, processing subject to consent-based conditions, and marketing/communication approvals. AI Mentoring Feature: Processed under user consent for optional AI-driven insights, or under legitimate interest for performance improvements (ensuring fundamental rights are not infringed). | KVKK Art. 5/1: “Presence of explicit consent”; KVKK Art. 6/2 and 6/3: “Explicit consent for special category data.” | GDPR Art. 6(1)(a): “Consent”; GDPR Art. 9: “Explicit consent for special category data.” |
Force Majeure/Public Interest
| Data processing is mandatory in special circumstances such as emergencies, where the protection of an individual’s life or physical integrity is essential, or for public health and safety, without requiring explicit consent. | KVKK Art. 5/2(d): “Force majeure, etc.” | GDPR Art. 6(1)(d)/(e): “Protection of vital interests or public interest.” |
| Compliance with Legal/Statutory Obligations | Performing actions stipulated by applicable laws, such as reporting, invoicing, and official notifications, and ensuring necessary information is provided in response to requests and audits by official authorities. Provision of necessary information in line with the requests and audits of official authorities. | KVKK Art. 5/2(ç): “Processing is necessary to fulfill legal obligations of the data controller.” | GDPR Art. 6(1)(c): “Processing is necessary for compliance with a legal obligation to which the data controller is subject.” |
7. TRANSFER OF PERSONAL DATA
7.1. Your personal data is transferred under the following conditions: to the companies providing services under our service agreement for the fulfillment of our contractual obligations, to establish or perform a contract where necessary, for the processing of personal data pertaining to the parties to a contract, for fulfilling legal obligations such as transmitting identity information to the Revenue Administration (GİB) in accordance with legal requirements, for ensuring legal obligations of the data controller, for the use of corporate programs, and for maintaining business continuity by utilizing services and software required for corporate development. Data may also be shared with our business partners, suppliers, and legally authorized public institutions and organizations where necessary. Additionally, your personal data may be transferred to our business partners located domestically or abroad, whose servers and cloud systems are located overseas, subject to your explicit consent or provided that the relevant foreign country ensures adequate protection for data security in writing and with the permission of the Personal Data Protection Authority.
7.2. Service Providers: Organizations in this group are processors or sub-processors acting under the instructions of L2C. L2C ensures that data shared with these parties complies with legal frameworks by securing data protection agreements (DPA) or equivalent legal assurances.
| Service Type | Purpose | Data | Providers | Notes |
|---|---|---|---|---|
| Cloud Storage / Hosting | Storing personal data processed on the Platform, database management, backups, and general accessibility | All data categories (identity, contact, usage data, etc.) | AWS (Amazon Web Services), etc. | Servers may be located domestically or internationally. Transfer is conducted under KVKK Article 9 or GDPR Article 44 and related provisions. |
| Product/Infrastructure Monitoring and Error Tracking | Monitoring system performance, detecting errors | All data categories may be processed as “indicative”; generally limited to identity, IP, application version, and error reports. | Google, Firebase, AWS | Error sources, device-app details, IP, etc., are processed. Generally includes identity, IP, app version, and limited to error reports. |
| Communication / Messaging Services | Facilitating in-app chat, push notifications, email verification, customer support channels, and similar communication tools | Identity, contact data, message contents (chat channel), profile information, app usage data | Firebase Cloud Messaging, OneSignal, etc. | Messages between users and coaches go through L2C servers. Sub-processors only provide technical transmission/analysis. |
| Marketing / Analytics Services | Analyzing user behavior, measuring advertising/marketing efficiency, user segmentation, product development (A/B tests) | Device data, IP, app usage statistics, ad clicks/interactions | Google Analytics | Some data processing involves cookie technologies or SDKs. User consent or cookie preferences apply. |
| Email Verification & Delivery | Verifying user accounts during sign-up or password reset, mass email marketing, notifications | Identity (name-surname), email address, IP, date-time information | Google Workspace, SMTP, Mailchimp, etc. | Used to verify user email addresses and for sending newsletters/announcements. |
| Payment Processors / Payment Gateways | Subscription/coaching fee collection, invoicing, card/bank information verification, refund, and dispute management. | Identity (name-surname), contact data, transaction details | Iyzico, PayTR, Stripe, PayPal, App Store Payment Gateways, etc. | Full card information is handled externally by payment processors. |
| Data Analytics / Ad Performance | Understanding service usage, measuring ad impressions, optimizing campaigns | All data categories, typically anonymized or pseudonymized data based on ID | Google Ads, Meta Ads | Processed for metrics-focused purposes based on user consent or legitimate interest. |
| System Security | Verifying the accuracy and sufficiency of user-provided information, ensuring the quality and security of the Platform’s services, verifying/ensuring user profiles | All data categories (identity, professional experience, contact, usage data, etc.) | Public/private institutions, international education and certification organizations | Ensures compliance with legal obligations and safety/security measures under legitimate interest or legal compliance frameworks. |
| AI Mentoring Partner | Providing AI-based suggestions, chat analysis, and user guidance | Chat inputs, user profile data, usage metrics | THeach | Processed under explicit consent or relevant legal ground; partner has its own privacy/cookie policy. |
7.3. Third Parties: This group includes L2C’s business partners, entities involved in legal requirements, or corporate actions (e.g., mergers, acquisitions). Data sharing occurs not for L2C’s processing activities but rather for the purposes and under the authorizations defined by these entities.
| Third Party | Purpose | Data | Notes |
|---|---|---|---|
| Advertising/Marketing Networks (Ad Networks) | Displaying advertisements relevant to users, measuring marketing effectiveness, retargeting, etc. | Identity data, device ID, IP, and usage data collected via cookies or SDKs. | Data is shared under user consent (especially for cookie/pixel data) or legitimate interest grounds. |
| Social Media Platforms | Advertising and targeting purposes through platforms like Facebook Custom Audience, Instagram, Pinterest, etc. | ID used for targeting, email hashes, app usage data. | Social media integration might trigger user interaction; data is shared with consent or legitimate interest grounds. |
| Authorized Legal Bodies (Courts, Data Protection Authorities, etc.) | Compliance with legal obligations, judicial/administrative processes, regulatory reporting. | Any data required as per court orders, regulatory requests, or legal requirements. | Shared under KVKK Art. 8/9 and GDPR Art. 6(1)(c) or (e) as necessary to meet legal obligations. |
| Company Mergers/Acquisitions/Corporate Restructuring | Transfer of all or specific assets, mergers, reorganization. | All categories of data held under L2C’s responsibility (depending on the scope of the transfer). | Users are informed in advance; data is transferred to the acquiring company with care to ensure privacy protection. |
| Corporate Group / Affiliates | Internal operations, management reporting, human resources, legal, accounting, etc. | Relevant data categories (identity, contact, financial, etc.), as necessary for the business purpose. | Shared within the group under legitimate interest or legal compliance grounds. |
7.4. During the coaching process, data exchanges between the Coach and Coachee (messages, documents, etc.) fall under their responsibility. L2C provides only the infrastructure and is not responsible for data processed under their initiative.
7.5. L2C may be obligated to share data upon requests from law enforcement or judicial authorities.
7.6. The specific purposes and legal bases for data sharing are detailed. Each transfer complies with user rights, data minimization, and other principles under KVKK and GDPR.
7.7. L2C periodically revises its service providers and updates this policy as necessary.
8. DATA SUBJECT RIGHTS
8.1. Rights of the Data Subject under Article 11 of KVKK:
- 8.1.1. To learn whether personal data has been processed,
- 8.1.2. To request information if personal data has been processed,
- 8.1.3. To learn the purpose of processing and whether it has been used in accordance with this purpose,
- 8.1.4. To know third parties to whom personal data has been transferred domestically or abroad,
- 8.1.5. To request correction of incomplete or inaccurate data,
- 8.1.6. To request deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of KVKK,
- 8.1.7. To request notification of the transactions made pursuant to subparagraphs (5) and (6) to third parties to whom the personal data has been transferred,
- 8.1.8. To object to the emergence of a result against them by analyzing processed data exclusively through automated systems,
- 8.1.9. To claim compensation for damages arising from unlawful processing of personal data.
8.2. Additional Rights under GDPR:
8.2.1. If GDPR is applicable, the data subject has the right to data portability, the right to request restriction of processing, and the right to withdraw consent for processing activities.
8.2.2. If you have a request regarding your rights under Article 11 of Law No. 6698 as a data subject, you may submit your application by meeting the minimum requirements stipulated in the Regulation on the Principles and Procedures for the Application to the Data Controller through one of the following methods: by sending a communication to our KEP (Registered Electronic Mail) address, by sending a communication securely signed with an electronic signature to our e-mail address info@link2coaching.com registered in our system, or by submitting your application in writing either personally or through a notary to the address Fatih Mah. Selahaddin Eyyubi Cad. No: 8AE, İç Kapı No: 28, Sancaktepe/Istanbul. We, as the Company, will resolve your application free of charge within the shortest time possible and no later than thirty days, depending on the nature of your request. However, if the process incurs an additional cost, a fee will be charged in accordance with the tariff determined by the Personal Data Protection Authority.
9. POLICY CHANGES
9.1. L2C reserves the right to unilaterally amend this Policy. The updated version of the Policy will take effect on the Platform or on the official website of L2C upon its publication. Users are responsible for staying updated with the changes. Continued use of the Platform constitutes acceptance of the updated terms.
Appendix A — Mobile Application Disclosures
The following appendix supplements the Policy above with disclosures specific to L2C’s mobile applications, as required by the Google Play User Data policy and the Apple App Store Review Guidelines. It does not modify the substantive terms of the Policy.
A.1. Application Identification
This Policy applies to the Link2Coaching mobile application published by L2C Coaching and Consulting Trade Limited Company:
- Android: distributed on Google Play under package name
com.l2coaching.app. - iOS: distributed on the Apple App Store under the corresponding bundle identifier.
The mobile application provides access to the same Platform and Services described above and is governed by this Policy in its entirety.
A.2. Mobile Application Permissions and Device Access
The Link2Coaching mobile application requests the following device-level permissions on Android and iOS. Each permission is requested only when needed for the related feature; you may decline or revoke any permission at any time through your device’s system settings, and the application will continue to function with that feature disabled. The application does not collect or transmit precise or approximate location data, contacts, calendar entries, SMS, call logs, or advertising identifiers.
| Permission | Platform | Purpose | Data Sent Off-Device |
|---|---|---|---|
Internet (android.permission.INTERNET) | Android | Required for all communication with L2C servers (login, coaching sessions, messaging, payments). | Account, session, and messaging data sent to the L2C backend over HTTPS. |
Camera (android.permission.CAMERA / NSCameraUsageDescription) | Android & iOS | Capturing a profile picture and enabling video during coaching video calls. Used only when you actively start the camera. | A profile photo, if you save one, is uploaded to L2C storage. Live video frames are streamed to the other call participant during a session and are not recorded or stored by L2C. |
Microphone (android.permission.RECORD_AUDIO / NSMicrophoneUsageDescription) | Android & iOS | Capturing audio during voice and video coaching calls. Active only during a call you initiate or accept. | Audio is streamed in real time to the other call participant. Calls are not recorded or stored by L2C unless explicitly stated and consented to in-session. |
Modify Audio Settings (android.permission.MODIFY_AUDIO_SETTINGS) | Android | Switching between earpiece, speaker, and Bluetooth audio routes during a call. Local-only. | None. |
Photo Picker / Files (android.permission.READ_EXTERNAL_STORAGE on Android 12 and below; NSPhotoLibraryUsageDescription on iOS) | Android & iOS | Letting you choose a profile picture or attach a document to a coaching session. On Android 13 and above the application uses the system Photo Picker, which does not require broad media permissions. | Only the specific file you select is uploaded to L2C storage. The application does not browse, scan, or upload other files on your device. |
In-App Billing (com.android.vending.BILLING / Apple StoreKit) | Android & iOS | Purchasing and restoring subscriptions through Google Play Billing or Apple StoreKit. | Purchase tokens are sent to Google or Apple and to L2C for subscription validation. L2C does not receive your full payment-card number. |
| Push Notifications (Firebase Cloud Messaging on Android, APNs on iOS) | Android & iOS | Delivering session reminders, message alerts, and account notifications. | A device push token is shared with Google (Firebase Cloud Messaging) on Android and Apple (APNs) on iOS, and is stored by L2C against your account so notifications can be targeted. |
A.3. Account and Data Deletion
You may request deletion of your Link2Coaching account and the personal data associated with it at any time, in either of the following ways:
- In-app: open the mobile application, go to Settings → Account, and tap “Delete Account”. Confirm the request when prompted.
- By email: send a deletion request from the email address registered to your account to info@link2coaching.com with the subject line “Account Deletion Request”.
Once your request is verified, L2C will delete your account profile and the personal data tied to it within thirty (30) days. Certain records may be retained for a longer period only where required by applicable law (for example, invoicing and tax records under Turkish commercial and tax legislation), or in anonymized form for statistical purposes that cannot be linked back to you. Subscription payment records held by Google Play, the Apple App Store, or other payment processors are governed by those providers’ own policies and must be requested directly from them.
