Privacy Policy
PRIVACY POLICY
PREFACE
Within the scope of the Personal Data Protection Law, ÇEŞİT PARLATICI ZIMPARA SANAYİ VE TİCARET LİMİTED ŞİRKETİ (hereinafter referred to as "Çeşit" or the "Company") attaches great importance to the protection of your personal data and/or sensitive personal data. We are highly sensitive regarding the storage of all personal data and/or sensitive personal data belonging to you, which is transmitted to our Company through various channels. In this context, in order to comply with the provisions of the Law No. 6698 on the Protection of Personal Data, the Constitution of the Republic of Turkey, and other relevant legislation, we have taken all necessary technical and administrative measures as ÇEŞİT PARLATICI ZIMPARA SANAYİ VE TİCARET LİMİTED ŞİRKETİ. We would also like to emphasize that we will protect your rights, which are guaranteed by law. In this regard, you can securely share your personal data with our Company and convey your suggestions, complaints, and concerns to us.
Regarding the protection of your personal data, we are sharing with you our Privacy Policy, which is of particular importance and has been implemented within our Company.
ÇEŞİT PARLATICI ZIMPARA SANAYİ VE TİCARET LİMİTED ŞİRKETİ
1. PURPOSE OF THE PRIVACY POLICY
The protection of personal data and compliance with laws is our fundamental principle. Our Company has always demonstrated the necessary sensitivity regarding the protection of personal data and/or sensitive personal data. As ÇEŞİT PARLATICI ZIMPARA SANAYİ VE TİCARET LİMİTED ŞİRKETİ (hereinafter referred to as "Çeşit" or the "Company"), we have kept all personal data and/or sensitive personal data obtained from you confidential and have not shared it with third parties in all our operations. In accordance with the Law No. 6698 on the Protection of Personal Data, our internal regulations have been revised, and all technical and administrative measures have been taken. We accept, declare, and undertake to comply with all responsibilities imposed by the laws in the ongoing process.
2. SCOPE OF THE PRIVACY POLICY
This Privacy Policy has been prepared in accordance with the Law No. 6698 on the Protection of Personal Data.
Your personal data and/or sensitive personal data are obtained with your consent or within the scope of legal compliance conditions. Such data is used for the following purposes:
Ensuring Company security,
Providing you with complete services,
Conducting our commercial activities,
Resolving your issues promptly,
Improving our quality.
Some personal data and/or sensitive personal data received from you are anonymized and stripped of personal identifiers in accordance with the procedures prescribed by the Law. Data used for statistical purposes is not currently within the scope of the Law or our policy. As a Company, we reserve the right to amend our data policy, regulations, and directives to protect personal data within the scope of legal compliance.
The Privacy Policy aims to protect the data of customers, employees, and all other individuals related to the Company's business partners, whether obtained through any means. In this context, it includes various regulations to achieve the intended objective.
3. BASIC PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA AND/OR SENSITIVE PERSONAL DATA
Our basic principles regarding the processing of personal data and/or sensitive personal data are as follows. In this regard, these principles will also apply to data collected or processed by Çeşit based on consent or in compliance with the Law.
Lawfulness and Fairness: Çeşit questions the source and lawfulness of personal data and/or sensitive personal data received from individuals and legal entities through various channels. In this context, the lawful acquisition of data is of great importance to Çeşit.
Compliance with Honesty Rules: Çeşit questions the source of personal data and/or sensitive personal data received from individuals and legal entities through various channels. In this context, the acquisition of data in accordance with honesty rules is of great importance to Çeşit.
Being Limited, Proportional, and Relevant to the Purpose of Processing: Çeşit uses personal data and/or sensitive personal data obtained through various channels in a manner that is appropriate to the purpose of processing, limited to the processing purpose, proportional, and to the extent required for the performance of the service.
Accuracy of Personal Data and/or Sensitive Personal Data: Çeşit attaches importance to ensuring that personal data and/or sensitive personal data received from individuals and legal entities through various channels does not contain false information and is accurate.
Being Up-to-Date When Necessary: Çeşit places importance on notifying the Company of any changes in personal data and/or sensitive personal data obtained in various ways and updating the data if such changes are communicated.
Processing for Specific and Legitimate Purposes: Çeşit processes data within the scope of the data subject's consent for the execution of commercial activities and the performance of the service. It does not process or use personal data for purposes other than the execution of commercial activities and the performance of the service. It does not permit third parties to use or process such data.
Retention for the Period Stipulated by Law or Required for the Purpose of Processing: Çeşit retains the personal data and/or sensitive personal data it obtains for the periods stipulated by the relevant laws. In this context, it retains contract-based personal data for the statute of limitations periods, the periods required for potential disputes under the relevant laws, and the requirements of Commercial, Obligations, and Tax Laws. When these purposes expire, the data is anonymized, destroyed, or deleted. Such data is deleted and destroyed in accordance with the "Personal Data Retention, Transfer, Deletion, and Anonymization Policy."
4. RIGHTS OF THE DATA SUBJECT UNDER ARTICLE 11 OF THE PERSONAL DATA PROTECTION LAW
Law No. 6698 on the Protection of Personal Data regulates the rights of the data subject in Article 11. Under the Law, the data subject is referred to as the "relevant person" and is granted certain rights regarding the processing of their data. The rights of the relevant person under this article are as follows:
a) To learn whether their personal data is being processed,
b) To request information if their personal data has been processed,
c) To learn the purpose of processing their personal data and whether it is used in accordance with this purpose,
d) To know the third parties to whom their personal data is transferred domestically or abroad,
e) To request the correction of their personal data if it is incomplete or inaccurately processed,
f) To request the deletion or destruction of their personal data under the conditions set forth in Article 7 of the Law titled "Deletion, Destruction, or Anonymization of Personal Data,"
g) To request that third parties to whom their personal data has been transferred be notified of the correction, deletion, or destruction of their data,
h) To object to any unfavorable result arising from the analysis of their processed data exclusively through automated systems,
i) To demand compensation for damages incurred due to unlawful processing of their personal data.
The "Information Request Form Pursuant to Law No. 6698" has been prepared by ÇEŞİT and uploaded to the website to enable you to exercise these rights. You can exercise the aforementioned rights by following the application procedures and principles on our website.
5. DELETION, DESTRUCTION, AND ANONYMIZATION OF PERSONAL DATA
Your personal data and/or sensitive personal data will be deleted, destroyed, or anonymized upon the expiration of the statute of limitations and retention periods stipulated by the Law, the completion of legal proceedings, or the termination of other purpose-related requirements. Such data is deleted and destroyed in accordance with the "Personal Data Retention, Transfer, Deletion, and Anonymization Policy." Deletion, destruction, and anonymization procedures are carried out either upon the request of the relevant data subject or ex officio by Çeşit.
6. PRINCIPLE OF DATA MINIMIZATION
The principle of data minimization, also known as the principle of maximum savings, ensures that personal data and/or sensitive personal data obtained through various channels is processed in the Company's system only to the extent necessary.
The data to be collected by Çeşit is determined in accordance with the purpose and may vary. In this context, data is collected in line with the purpose, and data unrelated to the purpose is not collected. Excess data outside the purpose is not recorded in the Company's system, is deleted, or is anonymized. However, such data may be used for statistical purposes.
7. CONFIDENTIALITY AND SECURITY OF DATA
As Çeşit, we attach great importance to the confidentiality of your personal data and/or sensitive personal data. In this context, any personal data and/or sensitive personal data reaching our Company through any means is confidential. Çeşit respects the confidentiality of such data at every stage of its commercial activities. In this regard, full compliance with this Company Privacy Policy is ensured.
All necessary technical and administrative measures are taken to prevent unauthorized access to personal data and/or sensitive personal data collected through various channels, to avoid harm to the rights of the data subject, and to protect the data. Additionally, we request data protection from the companies with which we share personal data and/or sensitive personal data in compliance with the Law. Furthermore, our software programs are updated and continuously renewed. All technological requirements are met, and compliance with standards is ensured to provide the highest level of protection.
8. DATA ACCURACY
The principle of accuracy is fundamental within Çeşit. Personal data and/or sensitive personal data obtained in various forms are processed and updated upon request. Çeşit takes the necessary measures in this regard.
9. DATA RELIABILITY
The principle of reliability of declared personal data and/or sensitive personal data has been adopted by the Company. Çeşit is not obliged to verify the accuracy of personal data and/or sensitive personal data declared by its customers or individuals and legal entities it interacts with, as this is legally and operationally unfeasible. In this context, all transactions are conducted on the assumption that the declared data is accurate.
10. PURPOSES OF PROCESSING PERSONAL DATA AND/OR SENSITIVE PERSONAL DATA
The processing of personal data and/or sensitive personal data will be carried out in line with the purposes stated in Çeşit's "Disclosure Texts." You can access the Disclosure Texts on Çeşit's website.
11. PROCESSING OF PERSONAL DATA AND/OR SENSITIVE PERSONAL DATA
Çeşit may process your personal data and/or sensitive personal data to conduct its commercial activities, provide services, and achieve legitimate purposes. Such data will never be used for unlawful services or illegitimate reasons.
Special sensitivity is shown regarding the processing of sensitive personal data. Within our Company, the "Personal Data Protection and Processing Policy" is adhered to when processing sensitive personal data. Additionally, all necessary and sufficient measures determined by the Board are taken when processing sensitive personal data.
12. PROCESSING OF PERSONAL DATA AND/OR SENSITIVE PERSONAL DATA FOR ADVERTISING PURPOSES
Prior consent must be obtained from recipients for electronic commercial messages sent for advertising purposes. In this context, electronic commercial messages for advertising purposes can only be sent to individuals who have given prior consent. This matter is explicitly regulated in the "Law on the Regulation of Electronic Commerce" and the "Regulation on Commercial Communication and Commercial Electronic Messages."
Çeşit complies with the provisions of the aforementioned Law when sending electronic commercial messages for advertising purposes. It also adheres to the requirements for obtaining consent and its details in accordance with the Law. Such consent may be obtained through any electronic communication means or in writing in physical form. The key requirement for consent is the existence of a positive declaration of intent by the recipient of the electronic commercial message, along with their electronic communication address and full name.
The consent obtained from the recipient covers all commercial electronic messages sent to their electronic communication addresses for the purpose of marketing the Company's goods and services, promoting the Company, increasing its recognition, and sending celebratory, congratulatory, or similar messages to enhance its visibility.
13. DATA PROCESSING DUE TO THE COMPANY'S LEGAL OBLIGATIONS OR EXPLICITLY STIPULATED BY LAW
Personal data may also be processed without consent if explicitly stipulated by the relevant Law or if required to fulfill a legal obligation set forth by the Law. The type and scope of the processed data must be necessary for the data processing activity permitted by law. In all cases, compliance with the relevant legal provisions is essential.
14. COLLECTION AND PROCESSING OF PERSONAL DATA WITHIN THE SCOPE OF A CONTRACTUAL RELATIONSHIP
If a contractual relationship has been established with customers or potential customers, the data collected under the contract may be used by Çeşit without obtaining additional consent. Such personal data is used for service provision, contract performance, commercial activities, and related necessities. This data may be updated by contacting customers.
15. PERSONAL DATA SHARED WITH BUSINESS-SOLUTION PARTNERS AND COMMERCIAL PARTNERS
Çeşit has adopted the principle of acting in accordance with the Law regarding the sharing of personal data. In this context, it complies with the provisions of the relevant Law when sharing data with business-solution partners and commercial partners.
Çeşit shares only the necessary amount of personal data with business-solution partners and commercial partners under a confidentiality commitment for service provision, business operations, and the sustainability of commercial activities. Business-solution partners and commercial partners are required to take all necessary administrative and technical measures to ensure data security.
16. PERSONAL DATA AND/OR SENSITIVE PERSONAL DATA PROCESSED THROUGH AUTOMATED SYSTEMS
Data obtained through automated systems without the explicit consent of individuals cannot be used against them. Çeşit may make decisions regarding individuals only by using the data in its own systems. In this regard, Çeşit complies with all relevant legal provisions when processing personal data and/or sensitive personal data through automated systems.
17. PERSONAL DATA AND/OR SENSITIVE PERSONAL DATA OF COMPANY EMPLOYEES
PROCESSING WITHIN THE SCOPE OF LEGAL OBLIGATIONS: Employees' personal data may be processed by Çeşit without additional consent if explicitly stipulated by the relevant Law or if required to fulfill a legal obligation set forth by the Law. The processing of such data is limited to the fulfillment of legal obligations.
PROCESSING UNDER THE EMPLOYMENT CONTRACT AND RELATIONSHIP: Employees' personal data may be processed without their consent to the extent necessary for maintaining the employment relationship with the Company, within the principle of proportionality. Çeşit undertakes to protect the confidentiality of employees' data and take all necessary measures in this regard.
PROCESSING OF EMPLOYEES' SENSITIVE PERSONAL DATA: Under Law No. 6698 on the Protection of Personal Data, the processing of sensitive personal data requires the consent of the data subject and the implementation of additional measures determined by the Board. Çeşit obtains the consent of the relevant individual and takes all necessary measures determined by the Board when processing sensitive personal data in compliance with the Law and the Board's principles. However, sensitive personal data may be processed without consent in exceptional cases stipulated by the Law, provided it is limited and proportional.
PERSONAL DATA PROCESSED THROUGH AUTOMATED SYSTEMS: Certain personal data of employees may be processed through automated systems. Such data is used for performance evaluations, statistical records, internal promotions, and scoring within the Company. Employees have the right to object to unfavorable results arising from such processing. Objections must be submitted in accordance with Company rules and procedures. Such objections are evaluated internally.
PROCESSING OF PERSONAL DATA FOR THE BENEFIT OF EMPLOYEES: Employees' personal data may be processed by the Company without consent for transactions benefiting the employee. Additionally, Çeşit may process employees' personal data for disputes related to the employment relationship.
COMPANY TELECOMMUNICATIONS, INTERNET, AND COMMUNICATION: To facilitate work performance, Çeşit may provide employees with computers, phones, cars, applications, software, and email. Çeşit may monitor and audit personal data on the devices it provides.
Employees may not use the devices provided to them for personal purposes. They must use them solely for work-related purposes. Employees also declare and undertake that they will not store any data or information unrelated to work on the devices provided by Çeşit from the commencement of their employment.
18. TRANSFER OF PERSONAL DATA DOMESTICALLY AND ABROAD
Çeşit may share personal data with business-solution partners, commercial partners, and controlling shareholders for service provision and the execution of commercial activities. Additionally, Çeşit may transfer personal data to suppliers in a limited and proportional manner to ensure the provision of outsourced services necessary for commercial activities.
In this context, Çeşit is authorized to transfer personal data domestically and abroad in compliance with the conditions stipulated by the Law and the principles determined by the Board, with the consent of the relevant individual.
19. RIGHTS OF THE DATA SUBJECT REQUESTING INFORMATION
Law No. 6698 on the Protection of Personal Data regulates the rights of the data subject in Article 11. Çeşit acknowledges that the consent of the relevant individual must be obtained before processing data and that the individual has the right to request information, updates, deletion, destruction, or anonymization of their data after processing.
Relevant individuals can submit requests regarding their personal data by accessing the "Information Request Form Pursuant to Law No. 6698" on Çeşit's website. The form must be completed in full, signed with a wet signature (along with a copy of an ID), and submitted via notary, registered mail with return receipt, the Company's registered KEP address, or info@cesitparlatici.com. Applications must be made by the individual concerned. Requests regarding another person's personal data will not be processed. Additionally, information requests made on behalf of another person will not be responded to by the Company. If Çeşit determines that an application has been made on behalf of another person, all legal rights and claims are reserved. Requests will be responded to within thirty (30) days at the latest from the date they reach the Company. The Company may request additional information or documents from the applicant if deemed necessary. Individuals have no rights regarding personal data that has been anonymized within the Company.
20. CONFIDENTIALITY PRINCIPLE
All personal data and/or sensitive personal data of employees and individuals reaching the Company through various channels are confidential. No one may use, reproduce, transfer, or copy personal data and/or sensitive personal data outside the scope of the contract, for non-business purposes, or without legal compliance reasons.
21. AUDIT AND PROCESS SECURITY
All necessary technical and administrative measures are taken to prevent unauthorized access to personal data and/or sensitive personal data collected through various channels, to avoid harm to the rights of the data subject, and to protect the data. Additionally, we request data protection from the companies with which we share personal data and/or sensitive personal data in compliance with the Law. Our software programs are updated, continuously renewed, and improved. All technological requirements are met, and compliance with standards is ensured to provide the highest level of protection. In parallel, the Company conducts all necessary internal and external audits to protect personal data and/or sensitive personal data.
22. NOTIFICATION OF PERSONAL DATA BREACHES
In the event of any breach related to personal data, the Company immediately takes action to address reported breaches and fulfill its obligations. All necessary measures are taken to minimize harm to the relevant individual. In this context, compensation is provided to the extent possible to mitigate damages.
If personal data and/or sensitive personal data is obtained by unauthorized third parties externally, the Company immediately reports the matter to the Personal Data Protection Board. You can report breaches by following the procedures specified on our website. Additionally, to request information about your data, click here for the "Information Request Form Pursuant to Law No. 6698." (LINK WILL BE PROVIDED)
23. UPDATES
Changes made to this Privacy Policy will be listed and displayed in the table below.
