Privacy & security policy

PRIVACY & SECURITY POLICY

PRIVACY

All services provided in our Store belong to our company and are operated by our company, Zübeyde Gülistan Yesilova registered at 1813/4 sokak, No:9 Kat:3, Bostanlı Mahallesi Karsıyaka/İzmir.

Our company may collect personal data for various purposes. How and in what way the personal data is collected and how this data is protected is stated below.

Due to the nature of the business, our Store collects some personal information about its Members (e.g. name, surname, company information, telephone, address or e-mail address) provided via various forms and surveys on the Membership or Store pages.

Our company may send campaign information, information about new products and promotional offers to its registered customers and members. Members may choose whether or not to receive such information while incorporating as member; this selection can be changed anytime in the account information section after logging in as member; it can also be amended through the link provided in the received email.

Personal information transmitted to our store electronically by our Members will not be disclosed to third parties, except for the purposes and scope determined by the 'Membership Agreement' made with our Members when they affiliate.

Our company records and uses the IP address of its Members in order to identify system-related problems and quickly resolve any problems or disputes that may arise regarding the services provided. IP addresses can also be used to identify users in a general way and to gather comprehensive demographic information.

By using our website, you agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your local currency.

Our company may use the requested information for direct marketing purposes by itself or parties it cooperates with. Personal information can also be used to contact the user when necessary. Information requested by our company or information provided by the user or information about transactions made through our Store can be used in various statistical evaluations, database creation and market research without disclosing the identity of our members, except for the purposes and scope determined by the 'Membership Agreement' by our company and its collaborators.

Our company commits to keep confidential information strictly private and confidential, to consider it a confidentiality obligation, to ensure and maintain confidentiality, to take all necessary measures and take all necessary care to prevent all or any part of confidential information from entering the public domain or unauthorized use or disclosure to a third party.

CREDIT CARD SECURITY

Our company prioritizes the security of credit card holders who shop at our shopping sites. Your credit card information is not stored in any way in our system.

When you enter the transaction process, a key or lock icon at the bottom line of your browser indicates that you are on a secure website and all your information is encrypted and protected. This information is only used for the purpose of the sale process and according to your instructions. The information about the credit card used during shopping is encrypted with 128-bit SSL (Secure Sockets Layer) protocol, independent of our shopping sites, and sent to the relevant bank for questioning. If the card availability is approved, the card is sustained for shopping. Since no information about the card can be viewed and recorded by us, third parties are prevented from obtaining this information under any circumstances.

The reliability of payment/invoice/delivery address information of orders placed online by credit card is audited by our company against Credit Card Fraud. The accuracy of financial and address/telephone information is first confirmed for customers shopping from our site for the first time in order to proceed to the procurement and delivery stage. To verify this information, if necessary, the credit card holder or the relevant bank are contacted.

Only Members can access and change the information provided while becoming member. Members are responsible for protecting their membership and login information in order to prevent others from accessing and changing their membership information. From our end the protection is ensured through the 128-bit SSL security process governed by the international encryption standards.

You may contact us regarding any queries by going to our CONTACT US section.

PERSONAL DATA POLICY / KVKK

1. PURPOSE AND SCOPE

The main objective of this Personal Data Protection Policy (the "Policy") is to provide explanations regarding the personal data processing activities carried out by our Company pursuant to the law and the systems adopted for the protection of personal data and, in this context, to provide transparency by informing the people whose personal data is being processed by our Company. This Policy applies to all activities managed by the Company regarding the processing and protection of personal data by the Company along with the relevant detailed data procedures.

2. DEFINITIONS

KVKK: Personal Data Protection Law numbered 6698

GDPR: EU General Data Protection Regulation

Data Processor: The natural person or legal entity that process data on behalf of the data controller with the authority given by the data controller

Data Controller: The one who defines the purpose and the means of processing personal data and responsible of the data recording system management

Data Subject: A natural person, includes but not limited to an employee, customer, business partners, stakeholders, authorities, leads, candidate for recruitment, intern, visitors, suppliers, employee of business partners, third parties of the Company and its affiliates with whom they have a commercial relationship, whose data is processed.

Explicit Consent: Consent that is related to a specific issue based on information and expressed with free will.

Personal Data: Any information related to a natural person whose identity is known or could be identified

Sensitive Personal Data: Biometric and genetic information related with race, ethnicity, political or philosophical opinions, religion, sect or other believes, appearance, union memberships, health, sex life, convictions, and security measures etc.

Processing of Personal Data: Any kind of operation performed on data such as obtaining, recording, storing, preservation, modification,

reorganization, disclosure, transfer, takeover, making available, classification or preventing the use of personal data in fully or partially automated or non-automated ways, provided that it is part of any data recording system

Anonymization of Personal Data: To render data in such a way that it can no longer be associated with an identified or identifiable person even when the personal data is matched with other data.

Deleting Personal Data: To delete or to render personal data in such a way that it is no longer accessible or reusable for the users

Destroying Personal Data: Rendering the personal data to make it inaccessible, unrecoverable and not useable by anyone

Company: Zübeyde Gülistan Yeşilova

KVK Board / Board: Turkish Personal Data Protection Board

KVK Authority / Authority: Turkish Personal Data Protection Authority

3. POLICY

This Policy is prepared in accordance with the rules and procedures foreseen in KVKK and related law for the protection of personal data. In his context, as Data Controller is also liable to prevent illegal processing of personal data and access and protect the personal data from being accessed illegally in accordance with KVKK, he/she must take all necessary technical and administrative measures.

4. PRINCIPLES TO BE FOLLOWED WHILE PROCESSING DATA

Our Company acts in accordance with the following general principles in all its Personal Data Processing activities:

Personal data must be processed lawfully, fairly, and transparently

Personal data can only be collected for specific, explicit, and legitimate purposes

Personal data must be adequate, relevant, and limited to what is necessary for processing

Personal data must be accurate and kept up to date with every effort to erase or rectify without delay

Personal data must be kept in a form such that the data subject can be identified only if is necessary for processing

Personal data must be processed in a manner that ensures the appropriate security

5. PERSONAL DATA COLLECTED

Your personal data collected by our company varies according to the quality of the relationship with our company and the legal obligations. Your personal data collected can be listed as follows:

Identity Information (liable to amendments as per to requirements, ID number, name, surname, passport number, if the ID card shared, the information on the card, photo, etc.)

Contact Information (E-mail address, phone number, mobile phone number, address etc.)

Customer Transaction Information (payment receipts, orders, and relevant information taken under record in regards to purchases)

Process Security Information (website password and password information, etc.)

Risk Management Information (associated with Data Subject, address register system records, IP address tracking records etc.)

The Personal Data types listed do not include all your processed data and personal data similar to the data listed by our company may be processed.

6. THE PURPOSES OF PROCESSING PERSONAL DATA

The purpose of processing personal data information varies according to the relationship between the company and personal data subject and legal nature of the business. The purposes of processing personal data by the Company are as follows:

Within the scope of the company based commercial activities, planning and business development tasks, etc.

Realization of legally required transactions, performance of obligations

Declarations made to official institutions

Activities related to the establishment and execution of contracts

Managing, conducting, planning, and improving client relations

Activities for the realization of post-contract services

Monitoring, planning and execution of consultancy activities

Monitoring, planning and execution of financial and accounting activities

Planning and execution of information technologies and data security activities

Planning and execution of physical and electronic / network security activities

Increasing brand awareness;

Planning and execution of actions aimed at increasing the level of perception about corporate activities and brand

Planning, management and execution of organizations, meetings, invitations, and events

Managing the client satisfaction processes during and / or following the completion of service offering processes

Activities for receiving, evaluating, and finalizing demands and complaints,

Realization and follow-up of transactions and activities to fulfill the obligations arising from the contractual relationship

Within the scope of planning, execution and management of corporate relations;

Managing, conducting, planning, and developing relations with suppliers / business partners

Building and conducting corporate managerial communication activities

Building and conducting external trainings

Within the scope of legal, technical and commercial security measures among parties in relation with the Company data is processed under;

Notifying the relevant authorities / institution and / or conducting responsibilities within the audit processes

Assuring security measures on physical and electronic environments for the parties the Company is involved with

Keeping records as per to commercial security measures and organizing, conducting, and auditing these measures for the parties the Company is involved with

Assuring the applicable activities are being conducted in regard with data accuracy and making sure the data is up to date

Planning and / or conducting the Health & Safety processes

7. METHODS OF PROCESSING PERSONAL DATA AND ITS LEGAL GROUND

Personal data can be obtained / received by parties who are data subject and / or third parties who have explicit consent from the data subject. The obtained personal data can be processed by collecting, saving, editing, configuring, storing, adapting, changing, using, transferring, deleting, destroying, and anonymizing. Personal Data may be processed by one or more of the above methods without the explicit consent of the data subject in the presence of one the legitimate reasons listed in Article 5 of KVKK:

Explicitly prescribed in laws and any relevant legislation.

Being legally mandatory for the person cannot grant consent due to physical incapability or legally forbidden to grant consent in regards with other's living rights

Requirement on processing personal data of the parties subject to a contract / agreement, due to the execution of a contract / agreement.

Legally being mandatory for the data controller to fulfill the legal liability.

Publicized by the data subject directly.

Legally being mandatory to be processed for a granted right to be conducted, used and / or protected

Processing personal data for legitimate purposes without contracting the basic rights and freedom of the data subject.

8. RETENTION AND DESTRUCTION OF PERSONAL DATA

Our company takes into account the law and legislation that is in place during processing the personal data. Within this scope, the retention and period of limitations are taken into account on Personal Data Protection activities. In case the processing activity is disposed, and there is no further legal ground to store personal data, relevant data is to be deleted, destroyed and / or anonymized. The personal data shall be subject to retention, disposal, or anonymization upon the demand of the data subject and / or the Company's periodic control in which the Company realizes the reason to process the data is no longer available, due to the Article 7 of KVKK and other related legislation.

9. TRANSFER OF PERSONAL DATA

Local Transfers

Personal data is not transferred to any third party without an explicit consent, unless it is legally required due to KVKK, relevant legislation and cases where it is mandatory to be shared with the external parties due to administrative / juridical cases. However, as per to the Article 5 and Article 6 of KVKK, in case legal grounds are present and it is legally required, on third party transferred, consent / explicit consent will not be observed.

Our Company fulfills its obligation to inform the Data Subject regarding this transfer. Accordingly, the institutions, organizations and / or persons that can be transferred are listed below.

Transfers to Abroad

The Company may transfer the personal data abroad by obtaining explicit consent of the data subject along with taking appropriate and necessary security measures foreseen in KVKK and related legislation. For the situations in which the explicit consent of the data subject is not sought, it is considered whether the country that the data will be transferred, is in "adequate country" stature and has enough protection or not. If the Board considers that the transferee country is not in adequate country statute, the Board approval should be taken, and a data transfer protocol should be signed to guarantee enough protection.

Data Transfer to Third Parties

Within the scope of the Labor Law, Obligations Law, Income Tax Law and Procedures, Commercial Law, Private Employment Agencies, and relevant legislations:

Related public institutions and organizations,

Competent authority,

Tax offices workplace inspector, ISKUR, regional labor and SGK can be share with administrative institutions and organizations.

Apart from these, our Company shall not disclose your personal data in accordance with Articles 8 and 9 of KVKK and take all security measures specified in the relevant legislation;

To business partners, suppliers, business partners that we cooperate with at local and / or abroad,

Data can be transferred to externally supported law offices, courts, and other official and judicial authorities upon request.

10. MEASURES REGARDING THE PROVISION OF DATA SECURITY

Technical and administrative measures are taken to prevent data breaches to ensure the security of personal data.

11. KEEPING PERSONAL DATA UP-TO-DATE

In accordance with Article 4 of KVKK our Company has an obligation to keep your personal data accurate and up-to-date. In this context, in order for our Company to fulfill its obligations arising from the applicable legislation, Customers are mandated to share accurate and up-to-date data or update it via our website / mobile application.

12. RIGHTS OF THE DATA SUBJECT

Within the scope of Article 11 of KVKK the data subject has the following rights and if he / she wishes, he / she can use his / her rights by reaching the data controller in the methods determined by him/her:

To learn whether personal data is being processed

To make requests regarding the nature of information held and to whom it has been disclosed

To learn the processing purpose of personal data and whether it is used in accordance with this purpose

To be informed about the third parties that the personal data is transferred in local or abroad and to make notification as regards the transactions made

To demand correction for the personal data that is processed as deficient or incorrect and to notify third parties about this

To demand deletion or annihilation of the personal data of which reason to process is no more available, even if the data is processed in accordance with the related law

To object any result against the data subject

To demand compensation in case of any damage caused by illegal processing of the personal data

13. EXERCISES OF RIGHTS OF DATA SUBJECT

In accordance with KVKK regulations, in cases you have inquiries on your rights, contact us by sending an email to majajwl@gmail.com.

All queries will be answered within 30 days of receipt. If the transaction requires an additional cost, the tariff set by Turkish Personal Data Protection Board will be charged.