Personal Data Protection Policy
General Information on the Personal Data Protection Law
Law No. 6698 on the Protection of Personal Data, hereinafter referred to as the PDPL, was adopted on March 24, 2016, and published in the Official Gazette dated April 7, 2016, numbered 29677. Some provisions of the PDPL entered into force on the date of publication, while the remaining provisions entered into force on October 7, 2016.
Information as Data Controller
Pursuant to Law No. 6698 on the Protection of Personal Data, hereinafter referred to as the PDPL, and in our capacity as the Data Controller, your personal data may be recorded, stored, updated, disclosed/transferred to third parties where permitted by legislation, classified, and processed in the manners specified under the PDPL, within the framework explained on this page.
How Your Personal Data May Be Processed
Pursuant to Law No. 6698 on the Protection of Personal Data, your personal data shared with our company may be processed by us by being obtained, recorded, stored, altered, reorganized, and, in short, made subject to any operation performed on data, wholly or partially by automated means or by non-automated means provided that it forms part of a data recording system. Within the scope of the PDPL, any operation performed on data is considered “processing of personal data.”
Purposes and Legal Grounds for Processing Your Personal Data
In order to fulfill the requirements of the services we provide to our customers in accordance with the requirements of the contract and technology, and to improve the products and services we offer;
For the purpose of recording identity, address, and other necessary information to identify the transaction owner within the scope of the Law No. 6563 on the Regulation of Electronic Commerce, the Law No. 6502 on the Protection of Consumers, the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce published in the Official Gazette dated 26.08.2015 and numbered 29457, prepared based on these regulations, the Distance Contracts Regulation published in the Official Gazette dated 27.11.2014 and numbered 29188, and other relevant legislation;
For the purpose of arranging payment systems required in the fields of banking and electronic payment, electronic contracts, or all records and documents that will serve as the basis for transactions in paper form; and for complying with information retention, reporting, and notification obligations required by legislation and other authorities;
For the purpose of providing information to public prosecutors’ offices, courts, and relevant public officials upon request and as required by legislation in matters related to public security and legal disputes; your personal data will be processed in accordance with Law No. 6698 on the Protection of Personal Data and the relevant secondary regulations. Information on Third Parties or Organizations to Whom Your Personal Data May Be Transferred For the purposes stated above, the persons/organizations to whom your personal data shared with our company may be transferred include, primarily Odoo Yazılım San. ve Tic. A.Ş., which provides our company’s e-commerce infrastructure, as well as suppliers, cargo companies, persons and organizations related to the services provided, program partner organizations from which we receive services and with which we cooperate in order to carry out our activities and/or in the capacity of Data Processor, domestic/foreign organizations, and other third parties.
Methods of Collecting Your Personal Data
our personal data may be processed and collected through the following methods:
Through forms on our company’s website and mobile applications, including information such as name, surname, Turkish ID number, address, phone number, business or personal email address; preferences on pages accessed with a username and password; IP records of transactions performed; cookie data collected by the browser; data including browsing duration and details; and location data;
Through verbal, written, or electronic channels such as our sales and marketing department employees, branches, suppliers, other sales channels, paper forms, business cards, digital marketing channels, and call centers;
From persons who share their personal data for purposes such as establishing a commercial relationship with our company, applying for a job, submitting an offer, or similar purposes, through business cards, résumés (CVs), offers, and other means, whether in a physical or virtual environment, face to face or remotely, verbally, in writing, or electronically;
In addition, personal data obtained indirectly through different channels may also be processed and collected, including data obtained from websites, blogs, contests, surveys, games, campaigns and similar-purpose micro websites, social media, e-newsletter reading or click activity, data provided by publicly available databases, and publicly shared profiles and data on social media platforms.
Your Personal Data Obtained Before the PDPL Came into Force
Your personal data that was lawfully obtained before April 7, 2016, the date on which the PDPL came into force, through membership, electronic communication permission, product/service purchase, and other methods, is also processed and retained in accordance with the terms and conditions set forth in this document.
Transfer of Your Personal Data Abroad
Your personal data collected by any of the methods listed above may also be transferred to service intermediaries located abroad, provided that it remains within the scope of the PDPL and in accordance with the purposes of the contract, whether it is processed in Turkey or processed and retained outside Turkey, to countries accredited by the Personal Data Protection Board and where sufficient protection is provided regarding the protection of personal data.
Storage and Protection of Personal Data
Your personal data will be stored confidentially in the databases and systems within our Company in accordance with Article 12 of the PDPL; and will not be shared with third parties in any way, except for legal obligations and the regulations specified in this document.
Our Company is obliged, in accordance with Article 12 of the PDPL, to prevent the unlawful processing of personal data in the systems and databases where your personal data is stored, to prevent access by unauthorized persons, and to take software-related measures such as access management as well as physical security measures.
In the event that it is learned that personal data has been obtained by others through unlawful means, the situation will be immediately reported to the Personal Data Protection Board in accordance with the legal regulation and in writing.
Keeping Personal Data Up to Date and Accurate
Pursuant to Article 4 of the PDPL, our Company has an obligation to keep your personal data accurate and up to date. In this context, in order for our Company to fulfill its obligations arising from the applicable legislation, our Customers must share their accurate and up-to-date data or update it through the website / mobile application.
Rights of the Personal Data Owner Pursuant to Law No. 6698 on the Protection of Personal Data
Article 11 of Law No. 6698 on the Protection of Personal Data entered into force on October 7, 2016, and pursuant to the relevant article, the rights of the Personal Data Owner after this date are as follows: The Personal Data Owner may apply to our Company as the Data Controller regarding themselves and;
- To learn whether personal data has been processed,
- To request information if personal data has been processed,
- To learn the purpose of processing personal data and whether such data is used in accordance with its purpose,
- To know the third parties to whom personal data is transferred, whether domestically or abroad,
- To request the correction of personal data if it has been processed incompletely or incorrectly,
- To request the deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of the PDPL,
- Request to notify third parties to whom personal data has been transferred in case of correction, deletion, or destruction of personal data,
- Right to object to the processing of data that results in a negative outcome against the individual through analysis exclusively by automated systems,
- Right to request compensation for damages in case of unlawful processing of personal data. KOCAMAN PET İNŞAAT LİMİTED ŞİRKETİ, registered under the Gerede Chamber of Commerce with registration number 001372 and MERSIS number 0566035084400013, located at Demirciler OSB Mah. Organized Industrial Zone, 4th Street No: 18 Gerede/BOLU, is the Data Controller under KVKK. The Data Controller Representative to be appointed by our company will be announced in the Data Controllers Registry and on the internet address where this document is located once the legal infrastructure is established. Personal Data Owners can direct their questions, opinions, or requests to any of the following communication channels:
Email:[email protected]
Phone: 03743117931
Fax: 03743118931