For tech startups in Turkey, acquiring phone data is a critical component of user acquisition, customer support, and growth. However, it's paramount to understand that Turkey's data protection landscape is robust, primarily governed by the Law on the Protection of Personal Data (LPPD/KVKK) and the Electronic Commerce Law (ETK). These laws are heavily influenced by the EU's GDPR, meaning explicit, informed consent is the cornerstone of any compliant data acquisition strategy.
Purchasing pre-made, generic phone number lists for marketing in Turkey is generally illegal and carries significant risks of substantial fines and reputational damage for a tech startup.
Instead, Turkish tech startups must focus on building their own turkey phone number list databases of opted-in phone numbers through legitimate and transparent methods. Here's how to approach it:
I. Core Principles for Tech Startups in Turkey:
Explicit Consent (Aydınlatma Yükümlülüğü): This is the most crucial aspect. For any marketing or non-essential communication, you must obtain explicit, clear, and freely given consent. This means:
No pre-ticked boxes on forms.
Clear language explaining what the user is consenting to (e.g., "Receive product updates and offers via SMS").
Linking to your comprehensive Privacy Policy.
IYS (İleti Yönetim Sistemi - Message Management System) Compliance: For any commercial electronic messages (SMS, email, calls), a Turkish tech startup must register with IYS. All consents obtained through other channels (e.g., app, website) must be uploaded to IYS within three business days to be legally valid. Similarly, all opt-out requests must be processed and reflected in IYS within three business days. This system is actively enforced by the Turkish Ministry of Trade.
Alpha Sender ID Registration: For SMS communication, your startup's brand name (Alpha Sender ID) needs to be pre-registered with Turkish mobile operators. This enhances brand recognition and is a legal requirement for commercial messages.
Privacy by Design: For tech startups, integrating data privacy into the very design of your product or service from day one is crucial. This means:
Minimizing data collection to only what is necessary for the service.
Ensuring robust security measures for data storage.
Providing users easy ways to manage their data and preferences.