[Company Name / Brand] Personal Data Policy

General Information about the Personal Data Protection Act

The Personal Data Protection Act (PDPA) was adopted on March 24, 2016, and published in the Official Gazette No. 29677 dated April 7, 2016. Some parts of the PDPA were effective on the publication date, and some became effective on October 7, 2016.

Information as the Data Controller

In accordance with PDPA No. 6698 and as the Data Controller, your personal data will be recorded, stored, updated, disclosed/transferred to third parties when permitted by legislation, classified, and processed in the ways specified on this page.

How Your Personal Data May be Processed

In accordance with PDPA No. 6698, your personal data shared with our company may be processed entirely or partially, automatically or non-automatically, within the framework described on this page. Any processing performed on the data under PDPA is considered "processing of personal data."

Purposes and Legal Grounds for Processing Your Personal Data

Your shared personal data will be processed in compliance with PDPA No. 6698 and related secondary regulations for the following purposes:

To fulfill the requirements of the services we provide to our customers, to develop our offered products and services, and to comply with the terms of the contract and technological requirements.

To determine the information of the transaction owner for the identification of the owner of the transaction in accordance with the Electronic Commerce Regulation published in the Official Gazette dated August 26, 2015, and numbered 29457, and other relevant legislation.

To regulate all records and documents required for mandatory payment systems in banking and electronic payment areas, and to comply with information storage, reporting, and notification obligations required by legislation and other authorities.

To provide information to prosecutors, courts, and relevant public officials regarding public safety matters and legal disputes, upon request and in accordance with the legislation.

Third Parties to Whom Your Personal Data May be Transferred

Your personal data shared with our company may be transferred to individuals/organizations that may be recipients of our services, including but not limited to IdeaSoft Software Ind. and Trade Inc., which provides our company's e-commerce infrastructure, suppliers, shipping companies, collaboration partners, domestic/international organizations, and other third parties.

How Your Personal Data is Collected

Your personal data may be collected through various channels:

Via forms on our company's website and mobile applications, including information such as name, surname, ID number, address, phone, business or personal email, preferences on pages accessed using a username and password, IP records of transactions, and browsing time and details.

Through various channels, including sales and marketing department employees, branches, suppliers, other sales channels, paper forms, business cards, digital marketing, and call centers, using oral, written, or electronic methods.

For the purpose of establishing a commercial relationship with our company, applying for a job, providing a quote, and similar purposes, personal data shared by individuals through business cards, resumes (CVs), and other means, either physically or virtually, face-to-face, or remotely, orally, in writing, or electronically.

Additionally, data obtained indirectly through various channels, such as websites, blogs, competitions, surveys, games, campaigns, and similar (micro) websites and social media, including but not limited to website, newsletter reading or clicking movements, publicly available database data, and profile and data shared on social media platforms, may be processed and collected.

Personal Data Obtained Before the Enforcement of PDPA

Personal data obtained legally before the effective date of PDPA on April 7, 2016, such as membership, electronic consent, product/service purchases, and other lawful means, is processed and stored in compliance with the terms and conditions specified in this document.

Transfer of Your Personal Data Abroad

Your personal data collected through any of the methods mentioned above may be transferred abroad in accordance with PDPA, to service providers abroad who comply with the Personal Data Protection Board and provide sufficient protection for personal data.

Storage and Protection of Personal Data

Your personal data will be kept confidential in the database and systems of our company in accordance with Article 12 of PDPA. Except for legal obligations and regulations specified in this document, it will not be shared with third parties in any way. Our company is obligated to take software measures such as access management, to prevent the unlawful processing of personal data, to prevent unauthorized access, and to take physical security measures. If it is learned that personal data is obtained by others through illegal means, the situation will be immediately reported to the Personal Data Protection Board in compliance with legal regulations and in writing.

Keeping Your Personal Data Up-to-Date and Accurate

Our company has the obligation, in accordance with Article 4 of PDPA, to keep your personal data accurate and up-to-date. In this context, our customers must share or update their correct and up-to-date data through the website/mobile application in order for our company to fulfill its obligations arising from current legislation.

Rights of the Data Subject According to PDPA No. 6698

In accordance with Article 11 of PDPA No. 6698, the data subject has the following rights:

To learn whether personal data is processed,

To request information if personal data has been processed,

To learn the purpose of processing personal data and whether they are used appropriately for their purpose,

To know the third parties in the country or abroad to whom personal data are transferred,

To request correction of personal data in case of incomplete or incorrect processing,

To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of PDPA,

To request the notification of the operations performed in accordance with paragraphs 5 and 6 to third parties to whom personal data have been transferred,

To object to the emergence of a result against the individual by analyzing the processed data exclusively through automated systems,

To request compensation for the damages in case the personal data is processed illegally and causes damage.

[Firm Name] is the Data Controller registered with [Chamber of Commerce], MERSIS number [MERSIS Number], located at [Company Address]. The Data Controller Representative, when appointed by our company, will be announced on the Data Controllers Registry and the internet address where this document is located when the legal infrastructure is provided. Data subjects can direct their questions, opinions, or requests to the following contact channels:

Email: [Email Address]

Phone: [Phone Number]

Fax: [Fax Number]

Please note that [Firm Name] should be replaced with your actual company name, and the specific details such as the Chamber of Commerce details, email, phone, and fax numbers should be filled in accordingly.