ROKMARKT.COM - PRIVACY POLICY

This Privacy Policy explains how personal data of visitors and registered users ("Users") is processed in connection with services provided through rokmarkt.com.

rokmarkt.com is a listing and middleman communication platform where listings related to Rise of Kingdoms accounts, resource offers and similar digital assets can be viewed, listing information is presented in an organized manner, and users may be directed to the relevant person, support team or middleman for communication. The platform does not directly sell products, does not receive payments on behalf of users, does not hold payments, does not process payments and does not provide escrow services. Sale and purchase, payment, transfer, approval, cancellation, refund and dispute processes take place outside the Site between the relevant buyer, seller and/or middleman.

This Policy applies to the web interface, membership and login flows, listing creation flows, support and contact channels, email notifications and related services offered through rokmarkt.com.

Identity and Account Information

• Username
• Email address
• Password hash records
• If you sign in with Google, login information provided from your Google account such as your email address, verified email status and provider account identifier

Contact Information

• Phone number, Discord username, Steam username or similar contact details may be processed only if provided by the user or if the relevant feature is used

Account, Listing and Order Information

• Game account listing descriptions, features, images, screenshots and similar listing content that you publish
• If a resource offer or resource order is created, contact and order details such as resource amount, estimated price, order status, Discord username, phone number and email address

Transaction and Usage Information

• Listings and order requests you create on the Platform
• Updates you make to listings
• Profile preferences, language selection and marketing permissions

Technical and Log Information

• IP address, browser information, device type, operating system and basic connection details
• Visit time, page view records and technical identifiers used to distinguish visitors and sessions
• Server logs, error logs, security logs, rate-limit records and basic performance measurement data

Communication and Support Records

• Support requests, contact form content and response records you send to us
• Technical records related to mandatory system emails

rokmarkt.com does not request special categories of personal data from users. Users should not share special category data through listing descriptions, support requests, screenshots or off-site communication channels. If such data is shared, the relevant content may be deleted, masked or removed from publication for security, legal compliance or platform order purposes.

Important Note: rokmarkt.com is not a payment institution, electronic money institution, bank, financial intermediary or escrow service provider. The Platform does not receive payments on behalf of users, does not hold payments, does not process payments and does not store sale proceeds within Rokmarkt. Credit card, debit card, IBAN or similar payment data are not collected on the Platform. Payment, transfer, approval, cancellation, refund and dispute processes take place outside the Site between the relevant buyer, seller and/or middleman.

Membership and Account Management

• Creating your membership record and managing your account
• Operating login, social login, password reset, email verification and email change flows

Publishing Listings and Operating the Platform

• Allowing you to create, edit and manage account listings, resource offers or resource orders
• Listing, filtering, sorting and operating core platform workflows

Communication and Notifications

• Sending mandatory notifications related to registration, login, email verification, password reset and email change processes
• Responding to your support requests

Security, Abuse Prevention and Legal Obligations

• Ensuring account and platform security
• Detecting and preventing suspicious activity, abuse and technical attacks
• Fulfilling legal obligations and managing evidence in case of disputes

Statistics and Improvement

• Measuring platform performance
• Analyzing error records, understanding basic usage trends and improving user experience

Marketing and Information (Where Explicit Consent Exists)

• Sending announcements, campaigns and informational emails if you give consent

Your personal data may be collected automatically or partially automatically through membership, login, listing creation, resource order flows, support requests, contact forms, email notifications, cookies, localStorage, sessionStorage, server logs and security records on the Site.

Your personal data may also be processed through the Google OAuth login flow, Cloudflare and Vercel infrastructure records, Brevo email delivery processes, Upstash rate-limit records, image files stored on Cloudflare R2, security/consent/analytics records stored on MongoDB, and membership, listing, resource order and middleman management records stored on Neon PostgreSQL.

Your personal data may be processed based on the legal grounds under Article 5 of the Turkish Personal Data Protection Law, including:

• processing being necessary for the establishment or performance of a contract,
• processing being necessary for the data controller to fulfill its legal obligations,
• processing being necessary for the establishment, exercise or protection of a right,
• processing being necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject,
• explicit consent where required

rokmarkt.com may use strictly necessary and functional cookies to operate the Site, maintain sessions, provide security and support basic analytics.

Cookies, localStorage, sessionStorage, beacons and similar technologies may be used for session management, language preference, security, visitor/session distinction, basic usage analytics and performance measurement. For example, session cookies, language preference cookies, visitor/session ID values and technical security records may be used.

Through cookies and similar technologies, data such as IP address, device information, browser information, visited pages, session duration and visitor/session identifiers may be processed.

Site usage and basic traffic measurements may be collected through internal analytics systems. In addition, third-party performance and basic analytics tools such as Cloudflare Web Analytics and Vercel Speed Insights may be used.

You can reject cookies or delete existing cookies through your browser settings; however, some functions of the Site may not operate properly in that case.

Where required, user preference or explicit consent mechanisms are operated for non-essential analytics, advertising, marketing or performance technologies. If a cookie panel or preference management interface must be provided, user choices may be managed through that panel.

For the operation of the Site, third-party technical service providers may be used for hosting, servers, databases, CDN, security, logging, email delivery, support and communication services. Only personal data necessary for providing the service, ensuring security, managing support requests and fulfilling legal obligations is shared with these providers.

The Site may rely on third-party technical service providers such as Vercel, Neon PostgreSQL, MongoDB Atlas, Cloudflare, Cloudflare R2/CDN, Brevo, Upstash Redis, Google OAuth, Cloudflare Web Analytics and Vercel Speed Insights. These providers may process personal data only to the extent necessary for hosting, database operations, media storage, CDN delivery, security, rate-limiting, email delivery, social login, performance measurement, basic analytics, logging and system security.

Brevo is used for mandatory notification emails and system emails. Similar email service providers may also be used in the future if technically required.

In this context, the following may be transferred to Brevo:

• your email address,
• technical information related to the sent email, such as send time, delivery status and similar system records

This transfer is made only for the purpose of sending mandatory notifications and ensuring technical reliability.

Your personal data may be shared with the following parties, limited to the relevant purpose:

• Technical Service Providers: companies from which we receive hosting, database, CDN, media storage, email delivery, logging, security, rate-limiting and performance analysis services
• Competent Authorities: courts, prosecutors, regulatory authorities or other legally authorized institutions where required by law or lawful request
• Relevant Person, Seller, Buyer or Middleman: to the extent necessary for a user's request, a resource order, listing interest or the operation of the relevant transaction flow, contact details, listing information, resource order details and basic transaction-related information may be shared with the relevant person, seller, buyer or middleman

rokmarkt.com is not a seller, payment institution, escrow provider or transaction party that guarantees the accuracy of listings, the trouble-free state of accounts, transaction outcomes or the behavior of middlemen. The role of the Platform and its limits of responsibility are described in detail in the Terms of Use.

The User is responsible for any personal data they share with the relevant person, seller, buyer or middleman through communication channels outside the Site. Rokmarkt is not responsible for damages arising from personal data, payment information, account access details or similar information shared through off-site communication channels.

The servers of service providers used in operating the Site, such as Vercel, Neon PostgreSQL, MongoDB Atlas, Cloudflare, Cloudflare R2/CDN, Brevo, Upstash Redis, Google OAuth, Cloudflare Web Analytics and Vercel Speed Insights, may be located abroad, or such providers may access data from abroad. Therefore, your personal data may be transferred abroad or become accessible from abroad.

Such transfers are carried out only where the necessary legal conditions are met under Article 9 of the Turkish Personal Data Protection Law and relevant secondary legislation. For non-essential marketing, advertising or analytics activities requiring transfer abroad, user preference or explicit consent mechanisms may be operated separately where required. For processing activities that require transfer abroad, the relevant transfer mechanisms and legal conditions are also evaluated separately under Article 9 of the KVKK and the relevant secondary legislation.

Personal data is stored in line with applicable legal retention periods and the purposes of processing:

• Membership data: while the membership continues and, after its termination, for a reasonable period considering limitation periods, legal obligations and dispute management.
• Session cookies and session records: for the session duration or for reasonable periods required for security purposes.
• Security and authentication event records: for periods defined in technical systems for abuse prevention, security and legal evidence purposes; for example, some security events may be retained for up to 90, 365 or 730 days.
• Internal analytics records: for limited periods for basic usage and performance analysis; in the current system, daily aggregation records may technically be retained for up to 180 days.
• Legal approval and consent records: as long as the relevant rights and obligations continue for legal evidence purposes.
• Listing and resource order data: during the membership period and afterwards, taking into account applicable limitation periods for listing, order, dispute, security and legal evidence purposes.
• Marketing data: until explicit consent is withdrawn or the relevant processing purpose ceases to exist.
• Support requests and mandatory email records: during the periods required for service operation, technical follow-up and applicable limitation periods.

Personal data whose retention period has ended is deleted, destroyed or anonymized in accordance with applicable law and technical possibilities. For backups, security logs and records retained for legal evidence purposes, deletion processes may be completed over different periods depending on technical and legal requirements.

rokmarkt.com takes reasonable administrative and technical measures, within current technical possibilities, to protect personal data against unauthorized access, disclosure, loss or other unlawful processing.

• Authorization and access control
• Monitoring of security, error and abuse-related records
• Applying appropriate technical protections on server, database and media storage infrastructure

Your passwords are stored as cryptographic hashes using appropriate methods (e.g. bcrypt); they are not kept in plain text.

Data Controller:

• İsmail Hakkı GÜNDÜZ
• Eskişehir, Türkiye
• E-mail: [email protected]

You may submit requests regarding your personal data through [email protected] or through other methods specified in the KVKK and related legislation. If applications by registered electronic mail (KEP) or written post are accepted, the relevant KEP address or serviceable postal address will be stated separately.

Personal data applications are concluded as soon as possible and no later than 30 days, depending on the nature of the request.

This Privacy Policy may be updated from time to time. The current version is always published on rokmarkt.com and enters into force on the date it is published.