Personal Data Protection Law

KVKK Text

1- Relevant Persons

Customers

DATA CATEGORIES

1.1.1- Identity Information

Personal Data Processed:

Name – Surname, Date of Birth, Gender, Turkish Republic Identification Number

Purposes of Personal Data Processing:

Conducting financial and accounting affairs, communication activities, and company/product/service affiliation processes and activities in accordance with legislation; following up on legal matters and ensuring business continuity; conducting sales of goods/services and after-sales support services and processes; conducting customer relationship management processes and customer satisfaction activities; conducting advertising, campaign, and promotional processes; conducting storage and archiving activities; conducting contract and membership processes; monitoring requests and complaints; planning and executing commercial and/or business strategies; conducting necessary activities to ensure the benefit of the products and services offered and conducting relevant business processes; and providing information to authorized persons, institutions, and organizations.

Legal Grounds for Processing Personal Data

Your personal data in this context is processed by the Company to achieve the purposes listed above, based on the legal grounds specified in relevant legislation and Article 5 of the Personal Data Protection Law: It is expressly provided for by law, it is directly related to the establishment or performance of a contract, the processing of personal data belonging to the parties to the contract is necessary, the processing is necessary for the data controller to fulfill its legal obligations, and the processing is mandatory for the legitimate interests of the data controller, provided that it does not violate the fundamental rights and freedoms of the data subject. For cases not included in the purposes listed above, your personal data is processed based on your explicit consent, detailed in the Consent Form.

Methods of Collection of Personal Data:

The personal data mentioned above is collected through membership forms on our website, fields within the "My Account" page that can be filled in at your discretion, your requests and applications, contracts, campaigns, and third-party authentication systems (e.g., Google Login, Facebook Login, etc.).

1.1.2- Contact Information

Personal Data Processed:

Email Address, Billing & Delivery Addresses, Mobile Phone Number

Purposes of Personal Data Processing:

Conducting financial and accounting affairs, communication activities, and company/product/service loyalty processes and activities in accordance with legislation; following up on legal matters and ensuring business continuity; conducting goods/service sales and after-sales support services and processes; conducting customer relationship management processes and customer satisfaction activities; conducting advertising, campaign, and promotional processes; conducting storage and archiving activities; conducting contract and membership processes; monitoring requests and complaints; planning and executing commercial and/or business strategies; carrying out necessary activities to ensure the benefit of the products and services offered and executing relevant business processes; and providing information to authorized persons, institutions, and organizations.

Legal Grounds for Processing Personal Data

Your personal data in this context is processed by the Company to achieve the purposes listed above, based on the legal grounds specified in relevant legislation and Article 5 of the Personal Data Protection Law: It is expressly provided for by law, it is directly related to the establishment or performance of a contract, the processing of personal data belonging to the parties to the contract is necessary, the processing is necessary for the data controller to fulfill its legal obligations, and the processing is mandatory for the legitimate interests of the data controller, provided that it does not violate the fundamental rights and freedoms of the data subject. For cases not included in the purposes listed above, your personal data is processed based on your explicit consent, detailed in the Consent Form.

Methods of Collection of Personal Data:

The personal data mentioned above is collected through membership forms on our website, fields within the "My Account" page that can be filled in at your discretion, your requests and applications, contracts, campaigns, and third-party authentication systems (e.g., Google Login, Facebook Login, etc.).

1.1.3- Legal Transaction Information

Personal Data Processed:

In the event of a dispute, information in the case file, notices, and correspondence with judicial and administrative authorities

Purposes of Personal Data Processing:

Following and conducting legal proceedings; conducting and supervising business activities; providing information to authorized persons, institutions, and organizations; ensuring compliance with legislation; carrying out storage and archiving activities; carrying out risk management processes; executing contract processes; monitoring requests/complaints; ensuring the security of data controller operations

Legal Reasons for Processing Personal Data:

In this context, the personYour data is processed by the Company to achieve the purposes listed above, based on the legal grounds stipulated in relevant legislation and Article 5 of the Personal Data Protection Law: It is necessary for the data controller to fulfill its legal obligation, it is necessary for the establishment, exercise, or protection of a right, and it is necessary for the legitimate interests of the data controller, provided that it does not prejudice the fundamental rights and freedoms of the data subject.

Personal Data Collection Methods:

The personal data specified above is collected through official letters from judicial and administrative authorities and other printed and electronic documents.

1.1.4- Customer Transaction Information

Personal Data Processed:

Invoice Information, Request Information, Order Information, Customer Comments

Purposes of Personal Data Processing:

Performance of supply chain management processes; execution and audit of business activities; provision of information to authorized persons, institutions, and organizations; compliance with legislation on activities; performance of finance and accounting; storage and archiving activities; execution of contract processes; Carrying out goods/service sales processes; providing after-sales support services; conducting customer relationship management processes; conducting customer satisfaction activities; conducting marketing analysis studies; conducting advertising, campaigns, and promotional processes; monitoring requests/complaints; and conducting product/service marketing processes.

Legal Grounds for Processing Personal Data

Your personal data in this context is processed by the Company to achieve the purposes listed above, based on the legal grounds specified in the relevant legislation and Article 5 of the Personal Data Protection Law: The processing of personal data belonging to the parties to the contract is necessary, provided that it is explicitly provided for by law, directly related to the establishment or performance of a contract, the processing is necessary for the data controller to fulfill its legal obligations, and the processing is necessary for the legitimate interests of the data controller, provided that it does not prejudice the fundamental rights and freedoms of the data subject. For cases not falling within the scope of the above purposes, your personal data is processed based on your explicit consent, details of which are provided in the Consent Text.

Personal Data Collection Methods:

The personal data mentioned above is collected through printed/electronic forms, call center records, emails, and SAP programs.

1.1.5- Transaction Security Information

Personal Data Processed:

IP Address Information, Website Login/Logout Information, Username Information, Traffic Data (Connection Time/Duration, etc.)

Purposes of Personal Data Processing:

Performing information security processes; conducting auditing/ethical activities; conducting and monitoring business activities; carrying out storage and archiving activities; ensuring the security of data controller operations; informing authorized individuals, institutions, and organizations; conducting activities in compliance with legislation; monitoring and executing legal affairs; and conducting goods/service sales processes; Monitoring requests/complaints

Legal Grounds for Processing Personal Data:

Your personal data in this context is processed by the Company to achieve the purposes listed above, based on the legal grounds stipulated in relevant legislation and Article 5 of the Personal Data Protection Law: It is expressly prescribed by law, it is necessary for the data controller to fulfill its legal obligations, and it is necessary for the legitimate interests of the data controller, provided that it does not violate the fundamental rights and freedoms of the data subject. For cases not included in the purposes above, your personal data is processed based on your explicit consent, the details of which are specified in the Consent Form.

Methods of Collection of Personal Data:

The personal data specified above is collected through information security systems and electronic devices.

1.1.6- Financial Information

Personal Data Processed:

Encrypted Credit Card Information, Bank Account/IBAN Number Information

Purposes of Processing Personal Data:

Conducting activities in accordance with legislation; monitoring and conducting legal affairs; Conducting financial and accounting affairs; carrying out refund processes; conducting and auditing business activities; conducting goods/service sales processes; carrying out storage and archiving activities; carrying out risk management processes; executing contract processes; and providing information to authorized persons, institutions, and organizations.

Legal Reasons for Processing Personal Data

Your personal data in this context may be processed by the Company for the purposes listed above, as specified in relevant legislation and Article 5 of the Personal Data Protection Law, provided that it is directly related to the establishment or performance of a contract, the processing of personal data belonging to the parties to the contract is necessary, and the data controller fulfills its legal obligations.This process is based on the legal basis that it is necessary to fulfill the above-mentioned purposes.

Methods of Collection of Personal Data:

The personal data mentioned above is collected through printed and electronic forms, emails, and requests and messages on the website.

1.1.7- Location Information

Personal Data Processed: Location Information

Purposes of Personal Data Processing:

Conducting customer relationship management processes; conducting marketing analysis; conducting advertising/campaign/promotion processes; conducting customer satisfaction activities; conducting marketing processes for products/services; conducting sales processes for goods/services; and conducting production and operational processes for goods/services.

Legal Grounds for Processing Personal Data:

Your personal data in this context is processed by the Company in order to achieve the purposes listed above based on the legal basis of "Explicit Consent," as specified in the relevant legislation and Article 5 of the Personal Data Protection Law, details of which can be found in the Consent Text.

Personal Data Collection Methods:

The personal data specified above is collected based on your preferences in the internet browser you use and our Company's mobile application.

TRANSFER OF PERSONAL DATA

Customer personal data is transferred only to the extent necessary to achieve the relevant purpose, in accordance with the rules in Article 8, "Transfer of Personal Data," and/or Article 9, "Transfer of Personal Data Abroad," of the Personal Data Protection Law, and by taking the necessary technical and administrative measures. Your personal data may be transferred to our subsidiaries and affiliates, limited to the purposes listed above; to the seller of the purchased product (for the shipment of the product), to shipping companies (for the delivery of the product), to banks (for the collection of payment for the product), to our business partners with whom we send bulk SMS/email messages (to provide information on delivery, etc.); to our suppliers and authorized product service centers (for after-sales services when necessary); and to authorized persons and official institutions in accordance with legal regulations and legislation to fulfill our legal obligations. It may also be recorded in our programs and/or systems provided/made available to us by our technology infrastructure providers.

2- Personal Data Storage, Your Rights, and Application

2.1- Storage and Destruction

Our company has established a Storage and Destruction Policy for the storage and deletion of personal data. Storage and destruction of your personal data are carried out within the scope of this policy. Accordingly, if a data retention period is specified in the KVKK, relevant laws, or other relevant legislation, the data in question must be retained for at least this period.

Taking into account the possibility of a potential court request or a request from a legally authorized administrative authority regarding the relevant data being received late, or the emergence of a dispute to which we may be a party, we determine the retention period by adding a period of six months to one year to the legally stipulated periods for the retention of your data. At the end of this period, the data in question is deleted, destroyed, or anonymized.

If the legislation does not specify a retention period for the data we process, your data will be deleted, destroyed, or anonymized upon the expiration of the 10-year statute of limitations following the termination of our legal relationship, taking into account potential disputes arising from the nature of our relationship.

If all processing conditions for personal data have ceased to exist, or if the retention period declared by us or specified by legislation has expired, your data will be deleted, destroyed, or anonymized ex officio on the first periodic destruction date or within six months at the latest. If you request the deletion of your data for a valid reason, your data will be deleted within 30 days, to the extent legally possible. If you request the deletion or destruction of your data before the specified retention period specified by legislation, your request will not be fulfilled.

2.2- Your Rights

Regarding your personal data under the KVKK and related legislation:

* To learn whether your personal data has been processed,

* To request information if your personal data has been processed,

* To learn the purpose of processing your personal data and whether it is being used in accordance with its intended purpose,

* To know the third parties to whom your personal data has been transferred,

* To request correction of your personal data if it has been processed incompletely or incorrectly,

* To request the deletion or destruction of your personal data within the framework of the conditions stipulated in the Personal Data Protection Law,

* To request the correction of incomplete or inaccurate data and the deletion or destruction of your personal data,You have the right to request that your data be reported to third parties to whom we have transferred it.

* To object to the analysis of processed data exclusively through automated systems, leading to a detrimental outcome.

* To request compensation for any damages you incur due to the unlawful processing of your personal data.

2.3- Application

You can submit your applications and requests regarding your personal data by:

* Sending a signed petition and a photocopy of your ID to our company headquarters,

* Applying in person to our Company with a valid ID document,

* Sending it to our registered email address using your registered email address (KEP) and secure electronic signature or mobile signature, or sending it to our email address previously notified to our Company and registered in our system.

In accordance with the Communiqué on the Procedures and Principles for Applications to the Data Controller, data subjects must submit their full name, surname, signature if the application is in writing, and their Turkish Republic ID number. The applicant must include their ID number (passport number if the applicant is a foreigner), their residence or workplace address for notification, their email address for notification, telephone number and fax number, and information regarding the subject of the request.

The data subject must clearly and concisely state the requested information in their application, which includes explanations of the rights they are requesting to exercise and the right they are requesting to exercise. Information and documents related to the application must be attached to the application.

The subject of the request must relate to the applicant personally. If acting on behalf of someone else, the applicant must be specifically authorized to do so, and this authority must be documented (a special power of attorney). Furthermore, the application must include their identity and address information, and documents confirming their identity must be attached to the application.

Requests submitted by unauthorized third parties on behalf of someone else will not be considered.

Your requests regarding your personal data will be evaluated and responded to within 30 days of receipt by our Company. If your application is evaluated negatively, the justified reasons for rejection will be sent to you via e-mail or postal mail to the address you specified in your application, and if possible, via the same method as the request was made.