Legal Notice KVKK

Personal Data Protection Law No. 6698 (hereinafter referred to as KVKK) was accepted on 24 March 2016 and published in the Official Gazette No. 29677 dated 7 April 2016. Some of the KVKK entered into force on the date of publication, and some on October 7, 2016.

Information as the data controller;

In accordance with KVKK No. 6698 and as the Data Controller, your personal data is within the framework explained on this page; will be recorded, stored, updated, disclosed/transferred to third parties where permitted by the legislation, classified and processed in the ways listed in KVKK.

How your personal data may be processed

In accordance with KVKK No. 6698, your personal data that you share with our Company may be obtained, recorded, stored, changed, rearranged, in short, in whole or in part, automatically, or by non-automatic means provided that it is part of any data recording system, and is subject to all kinds of operations performed on the data. can be processed by us. Any operation performed on data within the scope of KVKK is considered "processing of personal data".

Personal data you share,

· In order to fulfill the requirements of the services we provide to our customers in accordance with the requirements of the contract and technology, and to improve our products and services;

· Law No. 6563 on the Regulation of Electronic Commerce, Law No. 6502 on Consumer Protection and the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce published in the Official Gazette No. 29457 dated 26.08.2015, prepared on the basis of these regulations, and the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce dated 27.11.2014 and No. 29188. To record the identity, address and other necessary information to determine the information of the transaction owner within the scope of the Distance Contracts Regulation published in and other relevant legislation;

· To organize all records and documents that will be the basis for payment systems, electronic contracts or paper transactions that are mandatory in the field of Banking and Electronic Payment; To comply with the information storage, reporting and information obligations required by the legislation and other authorities;

· To provide information to prosecutors' offices, courts and relevant public officials on matters related to public security and legal disputes, upon request and in accordance with the legislation;

It will be processed in accordance with KVKK No. 6698 and relevant secondary regulations. Information about third parties or organizations to which your personal data may be transferred. The information you share with our Company for the purposes stated above.

Persons/organizations to which your personal data may be transferred; Persons and organizations related to the services offered, such as suppliers, cargo companies, especially Shopify, which provides the e-commerce infrastructure of our Company, program partner organizations with which we cooperate, domestic / international organizations and other services from which we receive services in order to carry out our activities and / or as a Data Processor. are third parties

The way your personal data is collected, your personal data,

· With information such as name, surname, TR ID number, address, telephone, business or private e-mail address through the forms on our company's website and mobile applications; Data including preferences on the pages accessed using the username and password, IP records of the transactions performed, cookie data collected by the browser and browsing time and details, in the form of location data;

· Verbally, in writing or electronically through our channels such as our sales and marketing department employees, branches, suppliers, other sales channels, paper forms, business cards, digital marketing and call center;

· In a physical or virtual environment, face to face or distance, verbal or written, received from people who share their personal data through business cards, CVs, bids and other means for purposes such as establishing commercial relations with our company, applying for a job, making an offer. also electronically;

In addition, data obtained indirectly from different channels, (micro) websites and social media used for websites, blogs, contests, surveys, games, campaigns and similar purposes, e-bulletin reading or clicking movements, data provided by public databases data comes from profiles and data that can be shared on social media platforms; can be processed and collected.

Your personal data obtained before KVKK came into force

Your personal data obtained lawfully through membership, electronic message permission, product/service purchase and other means before April 7, 2016, the effective date of KVKK, is also processed and stored in accordance with the terms and conditions set out in this document.

Storage and protection of personal data

Your personal data will be kept confidential in the database and systems maintained by our Company in accordance with Article 12 of the KVKK; It will not be shared with third parties in any way except for legal obligations and regulations specified in this document. Our company is obliged to prevent the unlawful processing of personal data in the systems and databases where your personal data resides, in accordance with Article 12 of the KVKK, to prevent access by unauthorized persons, and to take software and physical security measures such as access management. If it becomes known that personal data has been obtained by others through illegal means, the situation will be reported to the Personal Data Protection Board immediately, in accordance with legal regulations and in writing.

Keeping personal data up to date and accurate

In accordance with Article 4 of the KVKK, our Company has the obligation to keep your personal data accurate and up-to-date. In this context, in order for our Company to fulfill its obligations arising from the current legislation, our Customers are required to share their accurate and up-to-date data or update it via the website / mobile application.

Rights of the personal data owner in accordance with KVKK No. 6698

Article 11 of KVKK No. 6698 came into force on 07 October 2016, and in accordance with the relevant article, the rights of the Personal Data Owner after this date are as follows: Personal Data Owner can apply to our Company (data controller) to;

Learning whether personal data is processed or not,

Requesting information if personal data has been processed,

Learning the purpose of processing personal data and whether they are used for their intended purpose,

Knowing the third parties to whom personal data is transferred at home or abroad,

Requesting correction of personal data if it is incomplete or incorrectly processed,

Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,

In case of correction, deletion or destruction of personal data, request that these transactions be notified to third parties to whom personal data have been transferred,

Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,

It has the right to request compensation in case of damage due to unlawful processing of personal data., located in Istanbul. He is the Data Controller within the scope of KVKK. The Data Controller Representative to be appointed by our company will be announced in the Data Controllers Registry and on the website where this document is located, once the legal infrastructure is provided. Personal Data Owners can direct their questions, opinions or requests to any of the following communication channels:

Privacy Agreement Regarding the Protection of Personal Data

1. The Parties hereby agree to transfer, preserve and prevent unlawful access to personal data in accordance with the provisions of the "Privacy of Private Life", "Protection of Personal Data" in Article 20 of the Constitution and the Personal Data Protection Law No. 6698, relevant regulations and legislation. They accept and undertake to comply with all kinds of administrative and technical measures.

2. Data processors may transfer personal data for the purposes specified in the policy in accordance with the KVKK and the applicable legislation. Apart from this, when it comes to transferring personal data to a third party, the data processor must inform the data controller in a verifiable manner and obtain his/her consent. The data processor's contract with third parties must include at least the provisions in this contract with the data controller.

3. In accordance with this agreement, the parties undertake to comply with the principles of care, loyalty, accuracy and honesty in the mutual transfer and processing of personal data in line with the Personal Data Protection Law and relevant legislation and within the framework of the company policies of both parties.

4. The parties will be personally responsible for the actions and behaviors of their employees and partners, or dominant or affiliated companies, or subcontractors or suppliers, and their employees and partners, that are contrary to the provisions of this confidentiality agreement. The fact that the employee has left the job or has ended working with the subcontractor or supplier does not eliminate the liability of the relevant party.

5. In case of a data breach such as unauthorized access to personal data subject to the contract or personal data becoming accessible to third parties in violation of the contract, all information required to notify the data controller of the breach immediately after learning of the breach and to reduce the resulting damage to the maximum amount, will provide documentation and support without delay.

6. Personal data transferred within the contract period will be deleted or destroyed in accordance with the legislation and in accordance with the destruction policies within the periods specified in the legislation, in case of termination of the contract, when the relevant conditions are met or following the elimination of the reasons requiring the processing of personal data. .

7. In case of a legislative change that is likely to affect the data processor's ability to fulfill its commitments in the contract during the contract period, the data transferor shall immediately notify the data transferor and agree that in this case the data transferor will have the right to suspend the data transfer and terminate the contract.

8. If the data subject requests the destruction of personal data processed and transferred from the data controller through applications made to the data controller, the data processor must destroy the transferred personal data after the data controller notifies the data processor of the request of the relevant person. If the data is not destroyed despite the notification of the data controller, the responsibility will belong to the data processor.

9. Parties are obliged to take the measures stipulated in the legislation to prevent unauthorized access and processing of personal data by both their own employees and third parties and the use of personal data for purposes other than the transfer to them. Each party is obliged to fulfill the obligations stipulated by the law, relevant legislation and the KVK Board and all necessary legal, administrative and technical measures.

10. If this agreement and/or personal data protection policies need to be amended due to changes that may occur in the relevant legislation, the parties will make such changes as soon as possible. The parts that need to be amended will be implemented in accordance with the new legislation and the effective date of the new legal regulation.

11. About the person or persons who took action against personal data violations during or after the termination of this contract, and which will continue after the termination of the contract ;

a. Making a report if a crime occurs within the scope of TCK articles 135-140,

b. Liability for compensation according to TMK articles 123,124,125,

c. In accordance with Article 11 of Law No. 6698, it has been notified to the relevant person that if the party responsible for the data has to pay compensation, the liability for compensation may arise.

12. The parties cannot disclose the personal data processed within the scope of the contract to any person or persons other than those required by the personal data protection law, relevant regulations, legislation and this contract. This obligation continues after the termination of the contract.