Personal Data Protection Law

1. Relevant Persons

Customers
DATA CATEGORIES

1.1.1- Identity Information

Processed Personal Data:

Name - Surname, Date of Birth, Gender, Turkish Identity Number

Purposes of Processing Personal Data

Managing finance and accounting operations, communication activities, and compliance with regulations for company/product/service loyalty processes and activities; handling legal affairs and ensuring business continuity; managing sales and post-sales support services and processes; overseeing customer relationship management processes and customer satisfaction activities; conducting advertising, campaign, and promotion processes; executing storage and archiving activities; managing contract and membership processes; tracking requests and complaints; planning and implementing commercial and/or business strategies; conducting necessary activities to benefit from offered products and services and managing related business processes; providing information to authorized individuals, institutions, and organizations.

Legal Grounds for Processing Personal Data

Your personal data within this scope is processed by the Company based on the following legal grounds specified in the relevant legislation and Article 5 of the PDPL (Personal Data Protection Law): If it is explicitly provided by the laws, If it is directly related to the establishment or performance of a contract, and the processing of personal data of the parties to the contract is necessary, If it is mandatory for the data controller to fulfill its legal obligations, If it is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. For cases that do not fall within the above purposes, your personal data is processed based on your explicit consent as specified in the Consent Text

Methods of Collecting Personal Data

The personal data mentioned above is collected through membership forms on our website, fields in the "My Account" page that you may fill out based on your preferences, your requests and applications, contracts, campaigns, and third-party identity verification systems (e.g., Google Login, Facebook Login, etc.).

1.1.2- Contact Information

Processed Personal Data:

Email Address, Billing & Delivery Addresses, Mobile Phone Number

Purposes of Processing Personal Data

"Managing finance and accounting operations, communication activities, and compliance with regulations for company/product/service loyalty processes and activities; handling legal affairs and ensuring business continuity; managing sales and post-sales support services and processes; overseeing customer relationship management processes and customer satisfaction activities; conducting advertising, campaign, and promotion processes; executing storage and archiving activities; managing contract and membership processes; tracking requests and complaints; planning and implementing commercial and/or business strategies; conducting necessary activities to benefit from offered products and services and managing related business processes; providing information to authorized individuals, institutions, and organizations.

Legal Grounds for Processing Personal Data

Your personal data within this scope is processed by the Company based on the following legal grounds specified in the relevant legislation and Article 5 of the PDPL (Personal Data Protection Law): If it is explicitly provided by the laws, If it is directly related to the establishment or performance of a contract, and the processing of personal data of the parties to the contract is necessary, If it is mandatory for the data controller to fulfill its legal obligations, If it is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. For cases that do not fall within the above purposes, your personal data is processed based on your explicit consent as specified in the Consent Text

Methods of Collecting Personal Data

The personal data mentioned above is collected through membership forms on our website, fields in the "My Account" page that you may fill out based on your preferences, your requests and applications, contracts, campaigns, and third-party identity verification systems (e.g., Google Login, Facebook Login, etc.)

1.1.3- Legal Transaction Information

Processed Personal Data

In case of disputes: Information in legal case files, notices, and correspondence with judicial and administrative authorities

Purposes of Processing Personal Data

Monitoring and managing legal affairs; conducting and supervising business operations; providing information to authorized individuals, institutions, and organizations; ensuring compliance with regulations; executing storage and archiving activities; managing risk processes; overseeing contract processes; tracking requests/complaints; ensuring the security of data controller operations

Legal Grounds for Processing Personal Data

Your personal data in this category is processed by the Company based on the following legal grounds specified in the relevant legislation and Article 5 of the PDPL (Personal Data Protection Law): Necessity for the data controller to fulfill a legal obligation: Processing is required for the data controller to meet legal obligations. Necessity for the establishment, exercise, or protection of a legal right: Processing is essential for the establishment, use, or protection of a legal right. Necessity for the legitimate interests of the data controller: Provided that such processing does not harm the fundamental rights and freedoms of the data subject.

Methods of Collecting Personal Data

The personal data mentioned above is collected through official correspondence from judicial and administrative authorities and other printed/electronic documents.

1.1.4- Customer Transaction Data

Processed Personal Data

Invoice Information, Request Information, Order Information ,Customer Reviews

Purposes of Personal Data Processing

Managing Supply Chain Processes: Overseeing and coordinating supply chain management. Conducting Business Operations: Executing and supervising business activities. Providing Information to Authorized Entities: Sharing necessary information with relevant authorities. Ensuring Compliance: Conducting activities in accordance with legal requirements. Financial and Accounting Operations: Handling finance and accounting tasks. Storage and Archiving: Managing data storage and archiving activities. Managing Contracts: Overseeing the process of contract management. Sales Processes: Managing product/service sales and post-sale support services. Customer Relationship Management: Administering customer relations and satisfaction activities. Conducting Marketing Analysis: Performing marketing analysis and related activities. Running Advertising, Campaigns, and Promotions: Implementing advertising, campaign, and promotional activities. Handling Requests and Complaints: Tracking and addressing customer requests and complaints. Marketing Processes: Executing marketing processes for products/services

Legal Grounds for Personal Data Processing

Your personal data within this scope are processed by the Company for the purposes mentioned above, in accordance with the relevant legislation and Article 5 of the PDPL, based on the following legal grounds: explicit provision in laws, necessity for processing personal data directly related to the establishment or performance of a contract, necessity for the data controller to fulfill a legal obligation, and necessity for the data controller's legitimate interests, provided it does not harm the data subject’s fundamental rights and freedoms. For cases outside the purposes mentioned above, your personal data are processed based on your explicit consent as detailed in the Consent Text

Methods of Collecting Personal Data

The personal data mentioned above is collected through printed/electronic forms, call center records, emails, and SAP programs.

1.1.5- Transaction Security Information

Processed Personal Data

IP address information, website login and logout information, username information, traffic data (connection time/duration, etc.)

Personal Data Processing Purposes

The purposes of processing personal data are to manage information security processes, conduct audits and ethical activities, execute and monitor business activities, carry out storage and archiving activities, ensure the security of data controller operations, provide information to authorized persons, institutions, and organizations, conduct activities in compliance with legislation, monitor and manage legal affairs, manage sales processes for goods and services, and track requests and complaints.

Personal Data Processing Legal Reasons

Your personal data within this scope is processed by the Company to achieve the purposes mentioned above based on the legal reasons specified in Article 5 of the PDPL (Personal Data Protection Law): Explicitly prescribed by laws, Necessary for the data controller to fulfill its legal obligations, Necessary for the legitimate interests of the data controller, provided it does not harm the fundamental rights and freedoms of the data subject. For cases not covered by the above purposes, your personal data is processed based on your explicit consent as detailed in the Consent Text.

Methods of Collecting Personal Data

The personal data mentioned above is collected through information security systems and electronic devices.

1.1.6- Financial Information

Processed Personal Data

Encrypted Credit Card Information, Bank Account / IBAN Number Information

Personal Data Processing Purposes

Conducting activities in accordance with the legislation; monitoring and managing legal affairs; carrying out financial and accounting operations; managing refund processes; conducting and overseeing business activities; managing goods/service sales processes; conducting storage and archiving activities; managing risk management processes; managing contract processes; providing information to authorized persons, institutions, and organizations.

Personal Data Processing Legal Grounds

Your personal data in this context is processed by the Company based on legal grounds specified in the relevant legislation and Article 5 of the PDPL; processing of personal data of the parties to the contract is necessary for the establishment or performance of a contract directly related to the purposes mentioned above, and it is mandatory for the data controller to fulfill its legal obligations

Methods of Collecting Personal Data

The personal data mentioned above is collected through printed and electronic forms, emails, and requests and messages on the website.

1.1.7- Location Information

Processed Personal Data: Location Information

Personal Data Processing Purposes

The management of customer relations processes; conducting marketing analysis studies; managing advertising/campaign/promotion processes; carrying out customer satisfaction activities; executing marketing processes for products/services; managing product/service sales processes; overseeing production and operational processes for goods/services.

Legal Reasons for Processing Personal Data

The personal data in this scope is processed based on the legal reasons specified in Article 5 of the PDPL, including: the necessity of processing personal data for the establishment or performance of a contract, and the necessity for the data controller to fulfill its legal obligations

Methods of Collecting Personal Data

The personal data mentioned above is collected according to your preferences in the internet browser you use and in our company's mobile application.

TRANSFER OF PERSONAL DATA

Personal data of customers are transferred in accordance with the rules set forth in Article 8 titled ""Transfer of Personal Data"" and/or Article 9 titled ""Transfer of Personal Data Abroad"" of the PDPL (Personal Data Protection Law), and only to the extent necessary for the realization of the relevant purpose, with the necessary technical and administrative measures in place. This transfer is limited to the aforementioned purposes and may be shared with our affiliates and subsidiaries. It may also be transferred to: Sellers of purchased products (for product delivery), Cargo companies (for product delivery), Banks (for payment processing related to the product), Partners working on bulk SMS/email sending (for providing information on delivery and other matters), Suppliers and authorized service centers (for after-sales services if needed), Authorized persons and official institutions as required by legal regulations and legislation for fulfilling our legal obligations, Technology infrastructure providers who offer or provide access to our programs and/or systems.

2- Kişisel Verilerin Saklanması, Haklarınız ve Başvuru 

2.1- Storage and Destruction

Our company has established a Storage and Destruction Policy for the storage and deletion of personal data. The storage and destruction of your personal data are carried out in accordance with this policy. According to this policy, if the PDPL or relevant laws and regulations specify a period for the storage of data, the data must be stored for at least that period.

Considering possibilities such as a court request or a request from an administrative authority with legal authorization for the relevant data arriving late or the occurrence of a dispute in which we might be involved, the storage period for your data is determined by adding a period of 6 months to 1 year to the durations specified by the legislation. At the end of the determined period, the data is deleted, destroyed, or anonymized.

If the legislation does not specify a storage period for the data we process, taking into account potential disputes related to our relationship, your data will be deleted, destroyed, or anonymized without any request from you after the 10-year statute of limitations has passed from the end of our legal relationship.

If all conditions for processing personal data have been removed or if the storage period specified by us or determined by legislation has expired, your data will be automatically deleted, destroyed, or anonymized at the first periodic destruction date or within a maximum of 6 months. If you request the deletion of your data for a valid reason, your data will be deleted within a maximum of 30 days, as legally possible. If you request the deletion or destruction of your data before the specified storage periods established by the legislation, such a request cannot be fulfilled.

2.2- You'r Rights

Under the PDPL and relevant legislation, regarding your personal data

- To learn whether your personal data is being processed,

- To request information if your personal data has been processed,

- To learn the purpose of processing your personal data and whether it is used in accordance with that purpose,

- To know the third parties to whom your personal data has been transferred,

- To request the correction of your personal data if it has been processed incompletely or incorrectly,

- KVKK mevzuatında öngörülen şartlar çerçevesinde kişisel verilerinizin silinmesini veya yok edilmesini isteme,

- To request the deletion or destruction of your personal data within the framework of the conditions stipulated in the PDPL legislation,

- To request that the correction of incomplete or incorrect data, as well as the deletion or destruction of your personal data, be communicated to the third parties to whom we have transferred your personal data.

- You have the right to request compensation for damages incurred due to the unlawful processing of your personal data.

2.3- Application

Your applications and requests regarding your personal data:

- by sending it to our company headquarters address with a wet-signed petition and a photocopy of your ID

- by applying to our company in person with a valid identification document

- You can send it to our registered electronic mail address using a registered electronic mail  address with a secure electronic signature or mobile signature, or by sending it to the electronic mail address previously notified to and recorded in our system.

According to the Communiqué on the Procedures and Principles for Application to the Data Controller, applications from data subjects must include the following information: name and surname, signature if the application is written, Turkish Identification Number (or passport number if the applicant is a foreign national), address for notifications (residential or business address), if available, electronic mail address for notifications, telephone number, fax number, and details regarding the subject of the request.

The data subject must clearly and understandably specify the requested matter related to the rights they wish to exercise in their application. Information and documents related to the application must be attached to the request. 

The request must relate to the applicant's own personal matters. However, if the application is made on behalf of someone else, the person making the application must be specifically authorized for this purpose, and this authorization must be documented (e.g., a power of attorney). Additionally, the application must include identification and address information, and identity-verifying documents must be attached to the application.

Requests made by unauthorized third parties on behalf of others will not be considered

Your requests regarding personal data will be evaluated and answered within a maximum of 30 days from the date they are received by the Company. If your request is denied, the reasons for rejection will be sent to the address you specified in your application, primarily by email or postal mail, and, if possible, through the method used to make the request.