INFORMATION NOTICE ON MARKETING ACTIVITIES
Your personal data is processed by Checkmaster Teknoloji Anonim Şirketi (“Company”), registered with the Istanbul Trade Registry Office under registration number 0209189523200001 and headquartered at İçerenköy Mah. Topçu İbrahim Sk. No: 8-10 D 34752 Ataşehir/Istanbul, in its capacity as data controller, within the scope of the Law No. 6698 on the Protection of Personal Data (“KVKK”) and this Information Notice on Marketing Activities (“Information Notice”).
Our Company respects your privacy and your rights regarding the protection of your personal data, and is committed to establishing and maintaining a relationship based on trust. In this regard, our Company processes your personal data in accordance with KVKK and all relevant data protection legislation, ensures their secure storage, and takes all necessary security measures against potential unlawful access. This Information Notice explains the scope in which your personal data, collected in relation to marketing activities for products and/or services offered by or on behalf of our Company, is processed. This notice has been prepared for individual trader customers who are part of marketing activities, and for employees of corporate customers who are natural persons.
Your personal data is collected by our Company through fully or partially automated means, or through non-automated methods provided that they are part of a data recording system, in electronic and/or physical environments, via the COMPANY and primarily through our Company’s website, campaigns, surveys, mobile applications, customer services, email, telephone, fax, mail/courier, cookies and other identification technologies, request/complaint platforms, authorized public institutions and other relevant third-party integrated systems, and social media platforms, as well as any additional methods (channels) that may be developed in the future.
Your personal data is processed for the purposes of fulfilling the Company’s obligations arising from marketing processes; managing customer relations and satisfaction; managing requests and/or complaints; recordkeeping and archiving; fulfilling legal obligations and mandatory legal notifications, including legal and consultancy matters; managing information security; managing quality standards including the improvement of products/services/processes; ensuring compliance with the global policies and procedures of our group companies and shareholders through communication, audit, and reporting management; managing audit and internal audit processes; and, with your explicit consent, for planning and/or executing direct and/or indirect personal/mass marketing activities via electronic and/or physical media such as promotions, campaigns, surveys, sweepstakes, contests, newsletters, and website memberships organized by the Company, especially through social media platforms (e.g., YouTube, Instagram, and X); publishing reviews/feedback related to the products/services offered by the Company on electronic platforms; managing corporate communication activities aimed at increasing brand value and awareness of the Company; planning and managing activities for building/increasing loyalty towards the products/services; and planning and managing communication and other engagement activities through social media platforms.
The categories of personal data processed, along with the purposes and legal grounds for processing such data, are detailed below.
| Personal Data Category | Purposes of Personal Data Processing and Legal Grounds for Processing |
| Visual and Audio Data | Personal data in this category is processed in accordance with the personal data processing conditions (legal grounds) specified under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), particularly: subparagraph (ç): where data processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not violate the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Ensuring the Security of Data Controller Operations Providing Information to Authorized Persons, Institutions, and Organizations Additionally, personal data in this category is also processed—based on the explicit consent of the data subject, in accordance with Article 5, paragraph 1 of KVKK—under the following purposes: Execution of Loyalty Processes Related to Company / Products / Services Execution of Communication Activities Execution of Customer Satisfaction Activities Execution of Advertisement / Campaign / Promotion Processes Execution of Data Retention and Archiving Processes Execution of Marketing Processes for Products / Services |
| Legal Transaction Data | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Providing Information to Authorized Persons, Institutions, and Organizations |
| Contact Data | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (a): where it is explicitly stipulated by laws, subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not violate the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Execution and Supervision of Business Operations Receiving and Evaluating Suggestions for Improving Business Processes Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Management of Requests / Complaints Providing Information to Authorized Persons, Institutions, and Organizations In addition, personal data in this category is processed — where explicit consent is present — in accordance with Article 5, paragraph 1 of KVKK, based on the condition of explicit consent, and for the following purposes: Execution of Loyalty Processes Related to Company / Products / Services Execution of Communication Activities Execution of Customer Satisfaction Activities Organization and Event Management Execution of Marketing Analysis Activities Execution of Advertisement / Campaign / Promotion Processes Execution of Marketing Processes for Products / Services |
| Transaction Security Data | Personal data in this category is processed based on the personal data processing conditions (legal grounds) stipulated under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Management of Requests / Complaints Ensuring the Security of Data Controller Operations Providing Information to Authorized Persons, Institutions, and Organizations Additionally, where explicit consent is present in accordance with Article 5, paragraph 1 of KVKK, personal data in this category may also be processed based on the legal ground of explicit consent for the following purposes: Execution of Loyalty Processes Related to Company / Products / Services Execution of Customer Satisfaction Activities Execution of Marketing Analysis Activities Execution of Advertisement / Campaign / Promotion Processes Execution of Data Retention and Archiving Processes Execution of Marketing Processes for Products / Services |
| Identity Data | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Execution and Supervision of Business Operations Receiving and Evaluating Suggestions for Improving Business Processes Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Management of Requests / Complaints Providing Information to Authorized Persons, Institutions, and Organizations In addition, where explicit consent is present in accordance with Article 5, paragraph 1 of KVKK, personal data in this category may also be processed based on the legal ground of explicit consent for the following purposes: Execution of Loyalty Processes Related to Company / Products / Services Execution of Communication Activities Execution of Customer Satisfaction Activities Organization and Event Management Execution of Marketing Analysis Activities Execution of Advertisement / Campaign / Promotion Processes Execution of Data Retention and Archiving Processes Execution of Marketing Processes for Products / Services |
| Customer Transaction Data (pertains to natural persons) | Personal data in this category is processed based on the personal data processing conditions (legal grounds) stipulated under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Execution and Supervision of Business Operations Receiving and Evaluating Suggestions for Improving Business Processes Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Management of Requests / Complaints Providing Information to Authorized Persons, Institutions, and Organizations Additionally, where explicit consent is present in accordance with Article 5, paragraph 1 of KVKK, personal data in this category may also be processed based on the legal ground of explicit consent for the following purposes: Execution of Loyalty Processes Related to Company / Products / Services Execution of Communication Activities Execution of Customer Satisfaction Activities Organization and Event Management Execution of Marketing Analysis Activities Execution of Advertisement / Campaign / Promotion Processes Execution of Data Retention and Archiving Processes Execution of Marketing Processes for Products / Services |
| Marketing Data | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution and Supervision of Business Operations Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Providing Information to Authorized Persons, Institutions, and Organizations In addition, where explicit consent is present in accordance with Article 5, paragraph 1 of KVKK, personal data in this category may also be processed based on the legal ground of explicit consent for the following purposes: Execution of Loyalty Processes Related to Company / Products / Services Execution of Communication Activities Execution of Customer Satisfaction Activities Organization and Event Management Execution of Marketing Analysis Activities Execution of Advertisement / Campaign / Promotion Processes Execution of Data Retention and Archiving Processes Execution of Marketing Processes for Products / Services |
| Request / Complaint Data | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Audit / Ethics Activities Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Execution and Supervision of Business Operations Receiving and Evaluating Suggestions for Improving Business Processes Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Management of Requests / Complaints Providing Information to Authorized Persons, Institutions, and Organizations Additionally, where explicit consent is present in accordance with Article 5, paragraph 1 of KVKK, personal data in this category may also be processed based on the legal ground of explicit consent for the following purposes: Execution of Loyalty Processes Related to Company / Products / Services Execution of Communication Activities Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Execution of Marketing Analysis Activities |
| Financial Data (pertains to natural persons) | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution and Supervision of Business Operations Management of Customer Relationship Processes Execution of Data Retention and Archiving Processes Management of Requests / Complaints Providing Information to Authorized Persons, Institutions, and Organizations Additionally, where explicit consent is present in accordance with Article 5, paragraph 1 of KVKK, personal data in this category may also be processed based on the legal ground of explicit consent for the following purposes: Execution of Loyalty Processes Related to Company / Products / Services Execution of Customer Satisfaction Activities Organization and Event Management Execution of Advertisement / Campaign / Promotion Processes Execution of Data Retention and Archiving Processes Execution of Marketing Processes for Products / Services |
Within our Company, access to your personal data is granted solely to employees with limited access authorizations, only to the extent necessary for the performance of their duties and strictly for the purposes detailed above. Unless the conditions for data transfer set forth under Articles 8 and/or 9 of the Law on the Protection of Personal Data (“KVKK”) are met, your personal data is not transferred to third parties located within or outside Turkey. However, personal data processed under each of the categories listed above may be transferred to the recipient groups stated below, provided that the data transfer complies with the conditions under Articles 8 and/or 9 of the KVKK, and the legal grounds for processing — specified above for each data category — are also valid for the transfer purpose.
The personal data obtained during the course of our Company’s operations are stored and destroyed in accordance with the general principles and rules outlined in our Company’s data retention and destruction policies and procedures, which have been prepared in compliance with the Constitution, the KVKK, the Regulation on the Deletion, Destruction or Anonymization of Personal Data, and other relevant legislation.
In this context, your personal data will be destroyed if all applicable personal data processing conditions cease to exist. Accordingly, your personal data may continue to be processed throughout the statutory limitation periods following the termination of your relationship with our Company. Personal data processed based on your explicit consent will be destroyed during the first destruction cycle after you withdraw your consent. For more information regarding requests for the destruction of your personal data, please refer to Section 6 of this Information Notice.
As a personal data subject, you have the following rights under Article 11 of the KVKK:
You may submit your requests regarding the rights listed above by:
(i) Completing the Data Subject Application Form, which you can access [here], and submitting it to our Company in accordance with the provisions of the Communiqué on the Principles and Procedures for the Request to Data Controller, either in writing or electronically through a registered electronic mail (KEP) address, secure electronic signature, mobile signature, or via the e-mail address previously notified to and registered in our systems. The application must include information/documents that enable us to verify your identity (e.g., Turkish ID number or passport number for foreign nationals, residential or workplace address for service of process, mobile phone/telephone/fax number, e-mail address, etc.); or
(ii) Using the communication channels indicated in the Data Subject Application Form in compliance with the procedures and principles set forth in the applicable legislation.
Depending on the nature of your request, it will be concluded as soon as possible and no later than thirty (30) days. Applications are free of charge; however, if the process incurs an additional cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board.
Please note that none of the submitted documents should include any sensitive personal data (e.g., religious beliefs, blood type, etc.).
INFORMATION NOTICE REGARDING ONLINE SALES AND AFTER-SALES SUPPORT PROCESSES
Your personal data is processed by Checkmaster Teknoloji Anonim Şirketi (“Company”) , acting as the data controller, registered with the Istanbul Trade Registry Office under registration number 0209189523200001 and headquartered at İçerenköy Mah. Topçu İbrahim Sk. No: 8-10 D 34752 Ataşehir/Istanbul, within the scope of the Law No. 6698 on the Protection of Personal Data (“KVKK”) and this Information Notice Regarding Online Sales and After-Sales Support Processes (“Information Notice”).
Our Company respects your privacy and your rights regarding the protection of your personal data and is committed to establishing and maintaining a relationship of trust with you. In this context, we process your personal data in compliance with the KVKK and all other applicable personal data protection regulations, ensure the secure storage of your data, and take all necessary security measures against possible unlawful access. This Information Notice explains the scope in which your personal data is processed in the context of trial account creation, account/membership registration, purchase of products and/or services, and after-sales support services related to the products and/or services provided directly by our Company or on behalf of our Company through its online platforms. This notice has been prepared for individual trader customers and natural person employees of corporate customers involved in the sales and after-sales service processes.
Your personal data is collected by our Company through fully or partially automated means or by non-automated methods provided that they are part of a data recording system, in electronic and/or physical environments, primarily via the Company’s own online websites, printed forms and surveys, mobile applications, customer service channels, e-mail, telephone, fax, courier/postal services, request/complaint platforms, authorized public institutions and organizations, and other relevant third-party integrated systems (e.g., online marketplaces), as well as by other means (channels) that may be added in the future.
The categories of personal data collected, the purposes of processing, and the legal grounds for processing include, but are not limited to, the following operations:
- Product and/or service sales management
- After-sales support services management (e.g., exchanges/returns, maintenance/repair, delivery through the Company and/or authorized service providers or suppliers)
- Issuance/amendment/cancellation of invoices, payments, collections, and other accounting and financial transactions
- Customer relationship and satisfaction management
- Request and/or complaint management
- Recordkeeping and archiving
- Fulfillment of legal obligations and mandatory legal notifications, including the management of legal and consultancy affairs
- Information security management
- Management of quality standards, including product/service/process improvement
- Communication, audit, and reporting management in line with global policies and procedures of our group companies and shareholders
- Audit and internal audit management processes
Detailed information regarding the categories of personal data processed, the purposes of processing, and the legal grounds is provided below.
| Kişisel Veri Kategorisi | Kişisel Verilerin İşlenme Amaçları ve İşlemenin Hukuki Sebepleri |
| Financial Data (pertains to natural persons only) | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (a): where it is explicitly stipulated by law, subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Execution of Finance and Accounting Processes Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution and Supervision of Business Operations Execution of Logistics Operations Execution of After-Sales Support Services for Goods / Services Execution of Sales Processes for Goods / Services Execution of Goods / Services Production and Operations Management of Customer Relationship Processes Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Management of Requests / Complaints Execution of Supply Chain Management Processes Providing Information to Authorized Persons, Institutions, and Organizations |
| Visual and Audio Data (Applies to natural persons and employees of legal entities) (Processed only if you contact customer service within the scope of sales and after-sales processes.) | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Audit / Ethics Activities Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Execution and Supervision of Business Operations Execution of After-Sales Support Services for Goods / Services Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Management of Requests / Complaints Providing Information to Authorized Persons, Institutions, and Organizations |
| Legal Transaction Data (Applies to natural persons and employees of legal entities) | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Providing Information to Authorized Persons, Institutions, and Organizations |
| Contact Data (Applies to natural persons and employees of legal entities) | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (a): where it is explicitly stipulated by law, subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Execution of Finance and Accounting Processes Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Execution and Supervision of Business Operations Receiving and Evaluating Suggestions for Improving Business Processes Ensuring Business Continuity Execution of Logistics Operations Execution of After-Sales Support Services for Goods / Services Execution of Sales Processes for Goods / Services Execution of Goods / Services Production and Operations Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Management of Requests / Complaints Ensuring the Security of Movable Property and Resources Providing Information to Authorized Persons, Institutions, and Organizations |
| Transaction Security Data (Applies to natural persons and employees of legal entities) | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of After-Sales Support Services for Goods / Services Execution of Sales Processes for Goods / Services Management of Customer Relationship Processes Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Management of Requests / Complaints Ensuring the Security of Data Controller Operations Providing Information to Authorized Persons, Institutions, and Organizations |
| Identity Data (Applies to natural persons and employees of legal entities) | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (a): where it is explicitly stipulated by law, subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Execution of Finance and Accounting Processes Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Execution and Supervision of Business Operations Ensuring Business Continuity Execution of Logistics Operations Execution of After-Sales Support Services for Goods / Services Execution of Sales Processes for Goods / Services Execution of Goods / Services Production and Operations Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Management of Requests / Complaints Ensuring the Security of Movable Property and Resources Execution of Supply Chain Management Processes Providing Information to Authorized Persons, Institutions, and Organizations |
| Customer Transaction Data (Applies to natural person customers only) | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Information Security Processes Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Execution of Finance and Accounting Processes Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Execution and Supervision of Business Operations Ensuring Business Continuity Execution of Logistics Operations Execution of After-Sales Support Services for Goods / Services Execution of Sales Processes for Goods / Services Execution of Goods / Services Production and Operations Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Execution of Contract Management Processes Management of Requests / Complaints Ensuring the Security of Movable Property and Resources Execution of Supply Chain Management Processes Providing Information to Authorized Persons, Institutions, and Organizations |
| Request / Complaint Data (Applies to natural persons and employees of legal entities) | Personal data in this category is processed based on the personal data processing conditions (legal grounds) set forth under Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), specifically: subparagraph (c): where it is necessary to process the personal data of parties to a contract, provided that it is directly related to the establishment or performance of the contract, subparagraph (ç): where processing is necessary for the data controller to fulfill its legal obligations, subparagraph (e): where processing is necessary for the establishment, exercise, or protection of a right, and subparagraph (f): where processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Such data is processed for the following purposes: Execution of Audit / Ethics Activities Ensuring Compliance with Legal Regulations Conducting and Following Legal Affairs Execution of Internal Audit / Investigation / Intelligence Activities Execution of Communication Activities Execution and Supervision of Business Operations Receiving and Evaluating Suggestions for Improving Business Processes Execution of After-Sales Support Services for Goods / Services Execution of Goods / Services Production and Operations Management of Customer Relationship Processes Execution of Customer Satisfaction Activities Execution of Data Retention and Archiving Processes Management of Requests / Complaints Providing Information to Authorized Persons, Institutions, and Organizations |
Within our Company, your personal data is accessible only to employees who have limited access authorization for the purposes detailed above, and only to the extent necessary for the performance of their duties. Unless the conditions for data transfer specified under Articles 8 and/or 9 of the Law on the Protection of Personal Data (KVKK) are met, your personal data is not transferred to third parties located within or outside of Turkey. However, your personal data processed under each of the categories listed above may be transferred to the recipient groups indicated below, provided that the relevant personal data processing conditions (legal grounds) outlined above also apply for the purposes of transfer in accordance with Articles 8 and/or 9 of the KVKK.
Personal data obtained during our Company’s operations is stored and disposed of in accordance with the general principles and procedures set forth in our Company’s retention and destruction policies, which have been prepared in compliance with the Constitution, the KVKK, the Regulation on the Deletion, Destruction, or Anonymization of Personal Data, and other applicable legislation.
Accordingly, your personal data will be destroyed if all of the applicable legal grounds for processing cease to exist. Until then, your personal data may continue to be processed for the duration of the applicable legal statute of limitations relevant to the specific process.
For your requests regarding the destruction of your personal data, please refer to Section 6 of this Information Notice.
As the data subject, you have the following rights under Article 11 of the KVKK:
You may submit your requests regarding the rights listed above by:
(i) Completing the Data Subject Application Form available [here] and submitting it to our Company in accordance with the Communiqué on the Principles and Procedures for Data Controller Applications — either in writing or electronically via registered electronic mail (KEP), secure electronic signature, mobile signature, or using the email address previously provided to and registered in our systems — along with the information/documents required to verify your identity (e.g., Turkish ID number or, for foreign nationals, passport number, residence or business address for legal notifications, mobile phone / telephone / fax number, email address, etc.); or
(ii) Sending your application through the communication channels indicated in the Data Subject Application Form, provided they comply with the applicable legal procedures and principles.
Depending on the nature of your request, it will be concluded as soon as possible and no later than thirty (30) days. Your application will be processed free of charge; however, if the process incurs additional costs, a fee may be charged in accordance with the tariff set by the Personal Data Protection Board.
Please note that the documents you submit must not contain any special categories of personal data (e.g., religious beliefs, blood type, etc.).
