PERSONAL DATA PROTECTION LAW CLARIFICATION



General Information About the Personal Data Protection Law

The Law No. 6698 on the Protection of Personal Data (hereinafter referred to as KVKK) was enacted on March 24, 2016, and published in the Official Gazette No. 29677 dated April 7, 2016. Some provisions of the KVKK came into force at the time of publication, while others entered into force on October 7, 2016.

Information as a Data Controller

According to the KVKK No. 6698 and in the capacity of Data Controller, your personal data may be recorded, stored, updated, disclosed/transferred to third parties in situations permitted by the legislation, classified, and processed in the forms specified in the KVKK as explained on this page.

How Your Personal Data May Be Processed
Under the KVKK No. 6698, the personal data you share with our company may be collected and processed entirely or partially, via automated means or non-automated means as part of any data recording system, by being recorded, stored, modified, reorganized, and processed in any manner performed on these data. Any procedure performed on data under the KVKK is considered "processing of personal data."

Purposes and Legal Grounds for Processing Your Personal Data

The personal data you share will be processed in accordance with the requirements of the services we provide to our customers and in line with the necessary terms of contracts and technology; in order to improve the products and services offered, to record identity, address, and other necessary information for determining the information of the data subject, as required by Law No. 6563 on Regulating E-Commerce and Law No. 6502 on the Protection of Consumers, the Regulation on Service Providers and Intermediary Service Providers published on August 26, 2015, in the Official Gazette No. 29457, and the Regulation on Distance Contracts published on November 27, 2014, in the Official Gazette No. 29188, and other relevant legislation; to prepare all records and documents necessary for payment systems that are mandatory in banking and electronic payment sectors; to comply with information retention, reporting, and notification obligations stipulated by the legislation and other authorities; and to provide information to prosecutors, courts, and relevant public officials in matters related to public security and legal disputes when requested and required by law.Information About Third Parties or Organizations to Whom Your Personal Data Might Be Transferred For the purposes mentioned above, the personal data you share with our company may be transferred to third parties/organizations including, primarily, IdeaSoft Software Industry and Trade Inc., which provides our e-commerce infrastructure, suppliers, cargo companies, and other entities related to the services provided, program partner organizations with whom we collaborate, and domestic/foreign entities, as well as other third parties as necessary.

How Your Personal Data is Collected

Your personal data may be collected through:

• Forms on our company’s website and mobile applications, containing information such as name, surname, TC (Turkish Citizen) ID number, address, phone number, business or personal email address; preferences from pages accessed using username and password, IP records of transactions performed, cookie data collected by the browser, navigation time and details, and location data;
• Employees from our sales and marketing departments, our branches, suppliers, other sales channels, through oral, written or electronic communication via paper forms, business cards, digital marketing, and call centers;
• Individuals who share personal data through business cards, curriculums vitae (CVs), proposals, or other means for purposes such as establishing a commercial relationship with our company or applying for jobs in physical or virtual environments, face-to-face or remotely, orally, in written form, or electronically;
• Additionally, data obtained indirectly from various channels such as websites, blogs, contests, surveys, games, campaigns, and similar purpose driven (micro) websites and social media, actions like reading or clicking e-bulletins, and data from publicly available databases can also be processed and collected.

Personal Data Obtained Before the KVKK Took Effect

Personal data that was obtained prior to the enforcement date of the KVKK on April 7, 2016, obtained lawfully through membership, electronic communication consent, product/service purchases, and other methods continue to be processed and stored in accordance with the terms and conditions set out in this document.

Transfer of Your Personal Data Abroad

Personal data collected in Turkey or processed and retained outside of Turkey can be transferred abroad to service providers located there, provided that such transfer complies with the conditions outlined in the KVKK and is in accordance with contractual purposes to countries approved by the Personal Data Protection Council that offer adequate protection in terms of personal data protection.

Storage and Protection of Personal Data

Your will be kept confidential in the databases and systems of our company in accordance with Article 12 of the KVKK; under no circumstances will it be shared with third parties, except as required by legal obligations and regulations specified in this document. Our company is obligated to prevent the unlawful processing of personal data, to restrict access by unauthorized individuals, and to take software measures such as access management and physical security measures for the systems and databases that hold your personal data, as required by Article 12 of the KVKK. If it is discovered that personal data has been obtained unlawfully by others, the situation will be reported immediately and in writing to the Personal Data Protection Board in accordance with legal regulations.

Maintaining Personal Data Accurately and Up-to-Date

According to Article 4 of the KVKK, our company has the obligation to maintain your personal data accurately and up-to-date. In this context, our customers must share accurate and up-to-date data or update them through our website/mobile application for our company to fulfill its obligations arising from the applicable legislation.

Rights of the Data Subject Under KVKK No. 6698
Article 11 of the KVKK No. 6698 came into effect on October 7, 2016, and according to this article, the rights of the Data Subject after this date are as follows: The Data Subject can apply to our company (data controller) to inquire about:

1: Whether their personal data is being processed,
2: If their personal data has been processed, to request information regarding that data,
3: The purpose of processing their personal data and whether it is being used in accordance with that purpose,
4: The third parties to whom their personal data has been transferred, whether domestically or internationally,
5: To request correction of their personal data in case of it being processed incompletely or inaccurately,
6: To request deletion or destruction of their personal data under the conditions stipulated in Article 7 of the KVKK,
7: In the event of rectification, deletion, or destruction of personal data, to request that these operations be notified to third parties to whom personal data has been transferred,
8: To object to the emergence of a result against themselves due to the analysis of processed data exclusively through automated systems,To request compensation for damages incurred due to unlawful processing of their personal data.