Personal Data Protection and Processing Policy

1st entry

1.1. Purpose of the Policy

Within the scope of the Law No. 6698 on the Protection of Personal Data (“Law”)

Company Home Textile Shop | As İnnovator Bilişim Teknolojileri Sanayi ve Ticaret Limited Şirketi (“Company” and “Company”), we have the most important principles of protection and protection in accordance with personal laws. We follow the same priority in all our planning and business execution. In this context, your disclosure in accordance with Article 10 of the Law; We present this Personal Data Processing and Protection Policy (“Policy”) for your information for all administrative and technical protection purposes that we will implement within the scope of the protection and protection of personal data.

1.2 Scope

This Policy determines the processing conditions of personal data and sets out the elements adopted by the Company in the protection of personal data. In this context, the Policy; The entire personal data processing process within the scope of the Law carried out by the company includes all the personal data processed and the owners of this data.

1.3 Definitions

Explicit Consent Group Consent on a subject, based on information and included in free will.

Anonymization Making histories that have previously died with a person incapable of being taken away with a certain or identifiable real person under any circumstances, even by pairing them with another dimension.

Employee Candidate Real persons who work within the company but are in the status of employee candidate.

Personal Data Any information relating to an identified or identifiable natural person.

Data Owner The natural person whose personal data is processed.

Processing of Personal Data Obtaining, recording, preserving, changing, re-storing, disclosing, transferring, taking over, making available, or using Personal Data from fully or fully automatic or non-automated places provided that it is the property of any data recording system. Any action on a connection such as blocking.

Law No. 6698 on Protection of Personal Data, published in the Official Gazette dated 7 April 2016 and numbered 29677.

Sensitive Personal Data Data on race, ethnic origin, political opinion, all beliefs, religion, sect or other beliefs, dress, association, foundation or union members, health, sexual life, criminal conviction and security measures, and biometric and genetic protection.

Politics Firm İnnovator Bilişim Teknolojileri Sanayi ve Ticaret Limited Şirketi Personal Data Processing and Protection Policy

Company/Company Company Home Textile Shop | İnnovator Bilişim Teknolojileri Sanayi ve Ticaret Limited Şirketi data Processor is a natural and legal person with personal data proof on behalf of his/her Data controller.

The Data Controller is the person who protects the purposes and environments of the processing of personal data and manages the place where the cells are kept somehow.

Data Recording System It is a recording system by configuring personal data according to certain characteristics.

Business Partners Persons with whom the Firm has partnered within the scope of contractual relations within the scope of commercial data.

1 1.4 Enforcement of the Policy

This Policy, prepared by the company, was entered on 01.01.2023 and presented to the public. In case of conflict between the legislation, especially the Law, and the regulations included in this Policy, the provisions of the legislation are applied.

The company reserves the use of making changes to the Policy in line with legal structures. You can access the current version of the policy on the Company (https://www.hometextile.shop/) website.

  1. Information on Personal Data Processing Activities Conducted by the Company

2.1 Data Subjects

Data subjects within the scope of the policy are all natural persons whose personal data are processed by the Company and carried out by the Company. In general, data owners can be listed as follows:

Data Subject Categories Description

Customers express real tips that benefit from the products and services offered by the Firm.

Potential Customers refer to real persons who show interest in the products and services offered by the Company and become consumers.

Employee Candidates refers to real persons who conduct business by sending CV to the company or by other officials.

Visitors refer to the instructions coming to visit the Company for any reason.

Third Parties refer to natural persons, excluding the above categories of data subjects and Company employees.

The categories of data subjects describing the above table are to explain the general information transfer. The fact that the data owner is not included in any of these categories eliminates the data owner limits in a way that prevails in the Law.

2 2.2 Purposes of Processing Personal Data

2.2.1 Details of the workload and the workload required by the operating parts required to benefit from the products and services offered by the company:

  1. Planning and execution of product and/or service sales services,
  2. Planning of after-sales support services and/or execution,
  3. Planning and execution of customer relationship management processes,
  4. Follow-up of contract processes and/or legal requests,
  5. Follow-up of customer requests and/or complaints.

2.2.2 Planning and executing firm human resources policies and processes:

  1. Planning and execution of talent-career development activities,
  2. Fulfillment of obligations arising from employment contracts and/or legislation for company employees,
  3. Planning and executing fringe benefits and benefits for employees,
  4. Planning and executing in-house orientation activities,
  5. Planning and execution of personnel exit procedures,
  6. Fee management
  7. Planning of human resources processes,
  8. Managing the personnel procurement processes,
  9. Planning and execution of appointment-promotion and dismissal processes for the company,
  10. Planning and executing the performance evaluation processes of the employees,
  11. Monitoring and/or supervision of the work activities of the employees,
  12. Planning and/or executing in-house training activities,
  13. Planning and execution of employee satisfaction and/or loyalty processes,
  14. Planning and executing the processes of receiving and evaluating suggestions for improving the work and/or production processes of the employees,
  15. Planning and/or execution of intern and/or student recruitment, placement and operation processes.

2.2.3 For the realization of the commercial activities carried out by the company, the necessary work is carried out by the relevant business units and the execution of the related business processes:

  1. Event management,
  2. Planning and execution of business activities,
  3. Planning and execution of corporate communication activities,
  4. Planning and execution of supply chain management processes,
  5. Planning and execution of production and/or operation processes,
  6. Planning, auditing and execution of information security processes,
  7. Creation and management of information technology infrastructure,
  8. Planning and executing information access authorizations of business partners,
  9. Follow-up of finance and/or accounting works,
  10. Planning and execution of corporate sustainability activities,
  11. Planning and execution of corporate governance activities,
  12. Planning and/or execution of business continuity activities,
  13. Planning and execution of logistics activities.

2.2.4 Planning and executing the activities required to recommend and promote the products and services offered by the company to the relevant persons by customizing them according to their tastes, usage habits and needs:

  1. Identification and/or evaluation of the persons to be subject to marketing activities in line with consumer behavior criteria,
  2. Designing and/or performing personalized marketing and/or promotional activities,
  3. Designing and/or executing advertising and/or promotion and/or marketing activities in digital and/or other media,
  4. Designing and/or executing activities to be developed on customer acquisition and/or value creation in existing customers in digital and/or other channels,
  5. Planning and/or executing data analytics studies for marketing purposes,
  6. Planning and executing the marketing processes of products and/or services,
  7. Planning and/or executing the processes of establishing and/or increasing loyalty to the products and/or services offered by the company.

2.2.5 Planning and executing the Firm’s commercial and/or business strategies:

Managing relations with business partners.

2.2.6 Ensuring the legal, technical and commercial occupational safety of the Company and the persons who have a business relationship with the Company:

  1. Follow-up of legal affairs
  2. Planning and executing the necessary operational activities to ensure that the company’s activities are carried out in accordance with company procedures and/or relevant legislation,
  3. Giving information to authorized institutions based on legislation,
  4. Creation and follow-up of visitor records,
  5. Planning and execution of emergency management processes,
  6. Realization of company and partnership law transactions,
  7. Planning and executing company audit activities,
  8. Planning and/or execution of occupational health and/or safety processes,
  9. Carrying out risk management of credit processes,
  10. Ensuring the security of company premises and/or facilities,
  11. Ensuring the security of company operations,
  12. Planning and/or execution of the company’s financial risk processes,
  13. Ensuring the security of company fixtures and/or resources.

 

2.3 Categories of Personal Data

Personal data categorized as follows by the company are processed in accordance with the personal data processing conditions in the Law and relevant legislation:

Data Category Description

Identity information Included in documents such as driver’s license, identity card, residence, passport, attorney’s ID, marriage certificate. n information.

Contact information Information used to contact the person (eg email address, phone number, mobile phone number, address).

Location information Information to identify the location of the data subject (eg location information obtained while driving).

Customer information Information about customers who use our products and services (eg customer number, job information, etc.).

Customer transaction information Information regarding any transaction performed by customers using our products and services.

Physical location security information Personal data related to records and documents such as camera recordings, fingerprint records taken at the entrance to the physical location and during the stay in the physical space.

Transaction security information Personal data processed to provide technical, administrative, legal and commercial security while carrying out the Company’s commercial activities.

Financial information Personal data processed for information, documents and records showing all kinds of financial results created according to the type of legal relationship the Company has established with the personal data owner.

Employee candidate information Personal data processed about individuals who have applied to be an employee of the Company or who have been evaluated as an employee candidate in line with human resources needs in accordance with commercial practices and honesty rules, or who have a working relationship with the Company.

Legal transaction and compliance information Personal data processed within the scope of determination of legal receivables and rights of the company, follow-up and performance of debts, legal obligations and compliance with company policies.

Audit and inspection information Personal data processed within the scope of the Company’s compliance with its legal obligations and company policies.

Data of special nature, data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership of associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. datas.

Marketing information Personal data processed for the purpose of customizing and marketing the products and services offered by the Company in line with the usage habits, tastes and needs of the personal data owner, and the reports and evaluations created as a result of these processing results.

Request/complaint management information Personal data regarding the receipt and evaluation of any request or complaint directed to the company.

Reputation management information Information collected for the purpose of protecting the company’s commercial reputation and information about the evaluation reports and actions taken.

Incident management information Personal data processed in order to take necessary legal, technical and administrative measures against developing events in order to protect the commercial rights and interests of the Company and the rights and interests of its customers.

  1. Principles and Conditions Regarding the Processing of Personal Data

The company, in accordance with Article 4 of the Law, regarding the processing of personal data; engages in the processing of personal data in a limited and measured manner in accordance with the law and the rules of honesty, accurately and, when necessary, for up-to-date, specific, clear and legitimate purposes. The company retains personal data for as long as required by law or for the purpose of processing personal data.

3.1 Principles Regarding the Processing of Personal Data

The company is to enlighten the data owners in accordance with Article 10 of the KVK Law, and in cases where consent is required, the company processes this personal data on the basis of the principles set forth below, by requesting their consent.

3.1.1 Processing of Data in Compliance with the Law and the Rule of Integrity

The company acts in accordance with the principles brought by legal regulations and the general rule of trust and honesty in the processing of personal data. In accordance with the principle of compliance with the rule of integrity, the Company considers the interests and reasonable expectations of the data subjects while trying to achieve its goals in data processing.

3.1.2 Ensuring Personal Data Are Accurate and Up-to-Date When Necessary

Keeping personal data accurate and up-to-date is necessary for the Company to protect the fundamental rights and freedoms of the person concerned. The Company has an active duty of care to ensure that personal data is accurate and up-to-date when necessary. For this reason, all communication channels are open for the Company to keep the information of the data owner accurate and up-to-date.

3.1.3 Processing of Data for Specific, Explicit and Legitimate Purposes

The company clearly and precisely determines the purpose of processing personal data, which is legitimate and lawful. It processes personal data in connection with the commercial activity it carries out and as necessary for these.

3.1.4 Relevance, Limitation and Measurement of the Data for the Purpose for which they are Processed

Company; processes personal data within the scope of the purposes related to its field of activity and necessary for the conduct of its business. For this reason, personal data are kept in order to achieve the determined purposes. It processes in a sensitive way and avoids the processing of personal data that is not related to the realization of the purpose or that is not needed.

3.1.5 Retention of the Data as Envisioned in the Relevant Legislation or Required for the Purpose of Processing

The company retains personal data only for as long as required by the relevant legislation or for the purpose for which they are processed. In this context; first of all, it determines whether a period is foreseen for the storage of personal data in the relevant legislation, if a period is determined, it acts in accordance with this period, and if a period is not determined, it stores the personal data for the period required for the purpose for which they are processed. Personal data is deleted, destroyed or anonymized by the Company after the purpose of processing personal data disappears or when the period stipulated in the legislation expires.

3.2 Conditions Regarding the Processing of Personal Data

In the presence of at least one of the personal data processing conditions in Article 5 of the Law, your personal data is processed by the Company.

3.2.1 Explicit consent of the personal data owner

One of the conditions for the processing of personal data is the explicit consent of the owner. The explicit consent of the personal data owner should be disclosed on a specific subject, based on information and free will.

In order to process personal data based on the explicit consent of the personal data owner, explicit consent is obtained from the customers, potential customers and visitors with the relevant methods.

3.2.2 Explicitly foreseeing personal data processing activities in the law

The personal data of the data owner can be processed in accordance with the law without the explicit consent of the data owner, if it is expressly stipulated in the law.

3.2.3 Failure to obtain the explicit consent of the person due to actual impossibility

The personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to express his or her consent due to actual impossibility or whose consent will not be valid, in order to protect the life or physical integrity of himself or another person.

3.2.4 Personal data is directly related to the conclusion or performance of a contract

It is possible to process personal data if it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.

3.2.5 The company’s fulfillment of its legal obligation

In case the processing is necessary for the Company to fulfill its legal obligations as a data controller, the personal data of the data subject can be processed.

3.2.6 Making the personal data of the data subject public

If the data owner has made his personal data public by himself, the relevant personal data may be processed.

3.2.7 Data processing is mandatory for the establishment or protection of a right

If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.

3.2.8 Data processing is mandatory for the legitimate interest of the Company

Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is necessary for the legitimate interests of the Company.

3.3 Processing of Private Personal Data

The company strictly complies with the regulations stipulated in the Personal Data Protection Law in the processing of personal data determined as “special quality” by the Personal Data Protection Law.

By the company; Special categories of personal data are processed in the following cases, provided that adequate measures to be determined by the Personal Data Protection Law Board are taken:

  • If the personal data owner has express consent, or
  • If there is no explicit consent of the personal data owner;
  • Special categories of personal data other than the health and sexual life of the personal data owner, in cases stipulated by the laws,
  • Special categories of personal data relating to the health and sexual life of the personal data owner, only for the purposes of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, or persons or authorized institutions and organizations under the obligation of keeping confidentiality. processed by organizations.
  1. Transfer of Personal Data

The company can transfer the personal data and sensitive personal data of the data owner to third parties in the country or abroad by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. Accordingly, the company acts in accordance with the regulations stipulated in Article 8 of the KVK Law.

4.1 Transfer of personal data to third parties in the country

In case of existence of at least one of the data processing conditions stated in Articles 5 and 6 of the Law and explained under Title 3 of this Policy, and provided that it complies with the basic principles regarding data processing conditions, your personal data will not be processed by the Company. can be transferred by

4.2 Transfer of personal data to third parties abroad

The company can transfer the personal data and sensitive personal data of the personal data owner to third parties abroad, in the presence of at least one of the data processing conditions explained under Title 3 of this Policy and by taking the necessary security measures. Personal data by the company; To foreign countries declared to have adequate protection by the Personal Data Protection Board (“Foreign Country with Sufficient Protection”) or in case of lack of sufficient protection, where data controllers in Turkey and the relevant foreign country undertake in writing to provide adequate protection and where the permission of the KVK Board is available. are transferred to foreign countries (“Foreign Country of Data Controller Undertaking Adequate Protection”). Accordingly, the company acts in accordance with the regulations stipulated in Article 9 of the Personal Data Protection Law.

4.3 Third parties to whom personal data are transferred and the purposes for which they are transferred

In accordance with the general principles of the law and the data processing conditions in Articles 8 and 9, the Company can transfer data to the parties categorized in the table below:

Persons to whom Data Transfer can be made Definition Purpose

The parties with whom the Business Partner Company establishes business partnerships while carrying out its commercial activities, limited sharing of personal data in order to ensure the fulfillment of the purposes for which the business partnership was established.

Shareholders Shareholders who are authorized to design strategies and audit activities regarding the Company’s commercial activities in accordance with the provisions of the relevant legislation.

Company Authorities Members of the Board of Directors and other authorized persons Sharing personal data limited to designing strategies for the Company’s commercial activities, ensuring the highest level of management and auditing purposes

Legally Authorized Public Institutions and Organizations Public institutions and organizations legally authorized to receive information and documents from the Firm Limited personal data sharing for the purpose of requesting information by relevant public institutions and organizations

Legally Authorized Private Legal Persons Private legal persons legally authorized to receive information and documents from the Firm Sharing of data limited to the purpose requested by the relevant private legal persons within their legal authority

  1. Data Subject’s Rights and Exercise of Related Rights

5.1 Rights of the personal data owner:

  1. Learning whether personal data is processed or not,
  2. Requesting information on personal data if it has been processed,
  3. To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
  4. Knowing the third parties to whom personal data is transferred in the country or abroad,
  5. Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
  6. To request the deletion or destruction of personal data in the event that the reasons requiring its processing have disappeared, although it has been processed in accordance with the provisions of the KVK Law and other relevant laws, and to request the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
  7. Objecting to this result if a result against the person arises by analyzing the processed data exclusively through automated systems,
  8. To request the compensation of the damage in case of loss due to unlawful processing of personal data.

In case the personal data is not obtained directly from the data owner; By the company (1) within a reasonable period of time after the personal data is obtained, (2) during the first communication in case the personal data is to be used for communication with the data owner, (3) at the latest, if the personal data is to be transferred, for the first time at the latest. At the time of transfer, activities regarding the disclosure of data owners are carried out.

5.2 Cases where the personal data owner cannot assert his rights:

Personal data owners cannot claim their rights listed in 5.1 in these matters, since the following cases are excluded from the scope of the Personal Data Protection Law in accordance with Article 28 of the Personal Data Protection Law:

  1. Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with,
  2. Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics,
  3. Provided that personal data do not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or do not constitute a crime, art, history, literatüre processed for financial or scientific purposes or within the scope of freedom of expression,
  4. Processing of personal data within the scope of preventive and protective activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
  5. Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.

28.2 of the Personal Data Protection Law. pursuant to article; In the cases listed below, personal data owners cannot claim their other rights listed in 5.1, except for the right to demand the compensation of the damage:

  1. Personal data processing is necessary for the prevention of crime or for criminal investigation,
  2. Processing of personal data made public by the personal data owner himself,
  3. The processing of personal data is necessary for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,
  4. The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.
  5. Deletion, Destruction, Anonymization of Personal Data

Although it has been processed in accordance with the provisions of the relevant law, as regulated in Article 138 of the Turkish Penal Code and Article 7 of the Personal Data Protection Law, personal data is deleted upon the decision of the Company or upon the request of the personal data owner, in case the reasons requiring processing are eliminated, destroyed or anonymized. In this context, the Company takes the necessary technical and administrative measures within the Company in order to fulfill its related obligation; has developed the necessary working mechanisms in this regard; trains, assigns and raises awareness of the relevant business units in order to comply with these obligations.

Contact Us

Contact us to forward all your questions and comments regarding the Personal Data Protection Policy!

Company Name: İnnovator Bilişim Teknolojileri Sanayi ve Ticaret Limited Şirketi

Address: Atatürk Mh. İrfan Sk. No: 10/A 34764 Ümraniye | İstanbul | Türkiye

Tax Office: Ümraniye

Tax Number: 4781180451

Mobile: +90 532 249 89 40

E-Mail: info@hometextile.shop