KVKK TEXT
- Entrance
Pursuant to Article 20 of the Constitution of the Republic of Turkey, everyone has the right to demand the protection of their personal data. This right includes being informed about the personal data about the person, accessing these data, requesting their correction or deletion and learning whether they are used for their purposes.
The Law on Protection of Personal Data No. 6698 ( “KVK Law” ) regulates the protection of fundamental rights and freedoms of individuals in the processing of personal data, and the obligations of natural and legal persons who process personal data, as well as the procedures and principles to be followed. The purpose of this Policy, prepared in this direction, is to ensure compliance with the obligations of the KVK Law regulations.
With the policy; It is aimed to protect the personal data of Customers, Employee Candidates, Natural Person Contract Manufacturers, Legal Entity Contract Manufacturers' Employees, Employees, Workplace Physician, Visitors, Employees, Shareholders and Officials of the Institutions We Collaborate with, and Third Parties. It is managed under the Company Employees' Personal Data Protection and Processing Policy, which was written in parallel with the principles in this Policy regarding the protection of the personal data of our employees.
In case of conflict between the KVK Law and other relevant legislation and the Company's Personal Data Protection and Processing Policy, the applicable legislation will apply.
Mysa Moon Moda Tasarım Tekstil Ürünleri Sanayi ve Dış Ticaret Limited Şirketi ( “Company” ), in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and to regulate the obligations and the procedures and principles to be followed by real and legal persons processing personal data. Data Protection and Processing Policy ( “Policy” ) has been prepared.
With the policy, it is aimed to continue and develop the activities carried out by the Company in accordance with the principles of the KVK Law and to inform the personal data owners.
Data owners whose personal data are processed within the scope of this Policy are categorized as follows:
Employee Candidates |
Natural persons who make their CV and related information accessible to the Company by applying for a job or by any other means. |
Employees |
Persons who have an ongoing business relationship with the company |
Former Employees
|
Former employees whose employment relationship with the company has ended |
Real Person Contract Manufacturers |
Natural persons or sole proprietorships from whom we receive contract manufacturing services |
Shareholders |
Company shareholders |
Employees of the Institutions We Collaborate With |
Employees of real or legal persons with whom we cooperate, apart from contract manufacturing |
Occupational Physician |
Occupational physician working for the company |
customers |
People who shop on the company website or store |
Employees of Legal Entity Contract Manufacturers |
Employees of legal entities that we receive contract manufacturing services from |
Authorities |
Executives in the senior management of the company |
Third Parties |
Although not defined in the Policy, the guarantor, family members, etc., whose personal data are processed within the framework of this Policy. other natural persons, including but not limited to |
visitors |
Real persons who have entered the physical facilities of the Company for various purposes or visited the websites |
The definitions used in this Policy are as follows:
express consent |
Consent on a particular subject, based on information and expressed with free will |
Anonymization |
Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data. |
Personal health data
|
Any health information relating to an identified or identifiable natural person |
Personal data
|
Any information relating to an identified or identifiable natural person |
Processing of personal data |
Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data completely or partially by automatic or non-automatic means provided that it is a part of any data recording system. All kinds of operations performed on data, such as blocking |
KVK Law |
Law No. 6698 on the Protection of Personal Data |
KVK Board |
Personal Data Protection Board |
KVK Institution |
Personal Data Protection Authority |
Special categories of personal data |
Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data |
TCK |
Turkish Penal Code No. 5237 |
data processor |
The natural or legal person who processes personal data on behalf of the data controller based on the authority given by him. |
Personal data owner |
The natural person whose personal data is processed and who is deemed to be the “relevant person” in the KVK Law |
Data Owner Application Form |
The application form to be used by the personal data owners whose personal data are processed within the company when using their applications regarding their rights described in Article 11 of the KVK Law. |
data controller |
The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system |
Data Controllers Registry |
Registry of data controllers kept by the Personal Data Protection Board |
Data Inventory |
Personal data processing activities carried out by the Company in connection with its business processes; The inventory created and detailed by associating with the personal data processing purposes, the recipient group to which the personal data is transferred and the relevant personal data owner group |
Pursuant to Article 3 of the KVK Law, obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over personal data in whole or in part automatically or by non-automatic means provided that it is a part of any data recording system, All kinds of operations carried out on the data, such as making it available, classifying or preventing its use, are within the scope of processing personal data.
It is obligatory to comply with the following principles in the processing of personal data:
- Compliance with the law and honesty rules
Our company carries out its personal data processing activities in accordance with the law and honesty rules, in accordance with the Constitution, the KVK Law and the relevant legislation.
- Being accurate and up-to-date when needed
All kinds of administrative and technical measures are taken to ensure the accuracy and up-to-dateness of personal data while processing personal data by our company.
- Processing for specific, explicit and legitimate purposes
Before starting the processing of personal data, our company clearly and precisely determines the legitimate purpose of processing personal data within the framework of the clarification texts.
- Being connected, limited and restrained with the purpose for which they are processed
Personal data is processed by our company as necessary to achieve the determined purposes. Data processing is not carried out with the assumption that it can be used later.
- To be stored for the period required by the relevant legislation or for the purpose for which they are processed.
Our company stores personal data for a limited period of time stipulated in the KVK Law and relevant legislation or for the purposes required for data processing.
Our company can process personal data and sensitive personal data with the explicit consent of the personal data owner or without explicit consent in cases stipulated in Articles 5 and 6 of the KVK Law.
6.1. Processing of Personal Data
As a rule, our company processes your personal data based on your explicit consent. On the other hand, it carries out personal data processing activities without your explicit consent in accordance with the data processing conditions set forth in Article 5 of the KVK Law:
- expressly stipulated in the law.
- It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally valid.
- It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
- It is mandatory for our company to fulfill its legal obligations.
- The personal data has been made public by the owner himself.
- Data processing is mandatory for the establishment, exercise or protection of a right.
- Data processing is mandatory for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the personal data owner.
6.2. Processing of Private Personal Data:
Our company carries out the processing of personal data of special nature, which carries the risk of discrimination when processed unlawfully, in accordance with the data processing conditions set forth in Article 6 of the KVK Law. In addition, it is also necessary to take adequate measures determined by the KVK Board in the processing of personal data of special nature. It is prohibited to process sensitive personal data without the explicit consent of the personal data owner. However, in the following cases, special categories of personal data may be processed without the explicit consent of the personal data owner:
- Processing of Personal Health Data:
Personal health data; (i) to take adequate measures to be prescribed by the Ministry of Health, (ii) to act in accordance with general principles, (iii) to be under confidentiality obligation, in the presence of one of the conditions listed below:
- Written express consent of the personal data owner
- Taking adequate measures as an employer for occupational health and safety and complying with the obligations arising from the legislation,
- Protection of public health
- Preventive medicine
- Execution of medical diagnosis, treatment and care services,
- Planning and management of health services and financing
- Processing of Private Personal Data Other than Health and Sexual Life
The data within this scope will be possible with the explicit consent of the personal data owner or in cases stipulated by the laws.
In accordance with Article 12 of the KVK Law, our company takes all necessary technical and administrative measures to prevent the unlawful processing and access of the personal data it processes, and to ensure the appropriate level of security in order to ensure the protection of personal data.
7.1. Technical Measures Taken to Ensure Legal Processing of Personal Data and to Prevent Unlawful Access
The company has taken all kinds of technical and technological security measures to protect your personal data and has protected your personal data against possible risks.
Technical measures are taken in accordance with the developments in technology, the measures taken are periodically updated and renewed. There is software and hardware that includes virus protection systems and firewalls. Employees are informed that they cannot disclose the personal data they have learned to others in violation of the provisions of the Law, and that they cannot use it for purposes other than processing, and that this obligation will continue after they leave their job, and accordingly, necessary commitments are taken from the employees and policies including the rules to be followed in the workplace are published. Systems suitable for technological developments are used to store personal data in secure environments.
Administrative Measures Taken to Ensure Legal Processing of Personal Data and to Prevent Unlawful Access
- Training and raising awareness of company employees regarding the KVK Law,
- In cases where personal data transfer is in question, ensuring that a record is added to the contracts concluded with the persons to whom the personal data is transferred, indicating that the party to which the personal data is transferred will fulfill the data security,
- Determining what needs to be fulfilled in order to comply with the KVK Law and preparing internal policies for their implementation,
- Using software and hardware including virus protection systems and firewalls to prevent unauthorized access.
7.2. Measures to be Taken in Case of Unlawful Disclosure of Personal Data
In the event that the processed personal data is obtained by others illegally despite the necessary security measures taken, our Company will notify the data owner and the KVK Board within 72 hours from the date of learning about this situation through the contact information of our Company.
8.1. Purposes of Processing Personal Data
Personal data before our company; planning and execution of commercial activities, providing legal information to authorized institutions and organizations, obtaining technological services on issues that are not directly provided by us and not within our area of expertise, financial agreement with our business partners and/or third parties regarding our products and services, execution of financial reporting and risk management transactions/ follow-up, execution/follow-up of legal business and transactions, realization of company and partnership law transactions, planning and execution of audit activities necessary to ensure that the activities are carried out in accordance with our Company's procedures and relevant legislation, planning and execution of corporate sustainability activities, carrying out studies for the protection of our company's reputation, request and complaint processes, planning and executing corporate governance and communication activities, delivering the product you have purchased, issuing invoices, sending commercial electronic messages if you give your consent, organizing campaigns within the scope of the loyalty card program and processing points if you are a member of the loyalty card program methods such as resolving product complaints, personalizing our advertising and marketing communications and making them more relevant to you and improving them, customizing, measuring and improving the website and our services, analyzing the performance of our marketing campaigns via e-mail, e-mail open and click rates. In order to monitor and improve the information security of the website, to enable you to see advertisements about our website and services on third-party websites, in connection with the law and honesty rules and the purpose for which they are processed, limited and measured, as long as required by the relevant legislation or for the purpose for which they are processed. will be processed in accordance with the conservation principles.
8.2. Retention Periods of Personal Data
Our company determines whether a period is foreseen in the relevant legislation for the storage of personal data. If a period is stipulated in the relevant legislation, it complies with this period; if a period is not foreseen, it will keep the personal data for the period necessary for the purpose for which they are processed. If the purpose of processing personal data has expired and the storage periods determined by the relevant legislation and/or our Company have come to an end, they can be stored only to provide evidence in possible legal disputes, to assert the relevant right related to personal data or to establish a defense. Personal data is not stored by our Company, based on the possibility of its use in the future.
Pursuant to Article 7 of the KVK Law, although the personal data has been processed in accordance with the relevant legislation, the personal data is deleted, destroyed or anonymized by our Company, ex officio or upon the request of the personal data owner, in case the reasons for processing are no longer valid.
The procedures and principles regarding this matter will be fulfilled in accordance with the KVK Law and the Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28.10.2017 and numbered 30224.
In the first periodical destruction process following the date of our obligation to delete, destroy or anonymize personal data, it deletes, destroys or anonymizes personal data.
Personal data will be deleted, destroyed or anonymized within 3 (three) months following the date of our obligation to delete, destroy or anonymize personal data.
The time interval during which periodic destruction will be carried out is six months.
When you request the deletion or destruction of your personal data by applying to our company;
- a) If all the conditions for processing personal data have disappeared; Your personal data subject to the request is deleted, destroyed or anonymized. Your request will be finalized within thirty days at the latest and you will be informed.
- b) If all the conditions for processing personal data have been removed and the personal data subject to the request has been transferred to third parties, it notifies the third parties; It is ensured that the necessary actions are taken within the scope of the regulation.
- c) If all the conditions for processing personal data have not been eliminated, your request may be rejected by explaining the reason in accordance with the third paragraph of Article 13 of the KVK Law and the rejection will be notified to you in writing or electronically within thirty days at the latest.
9.1. Deletion and Destruction Techniques of Personal Data
Deletion of personal data is the process of making personal data inaccessible and non-reusable for relevant users.
Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.
Example: physical destruction, secure deletion from software, expert secure deletion, etc.
Techniques for Anonymization of Personal Data
It means making personal data in a way that cannot be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Example: masking, data derivation, aliasing, aggregation, data hashing , etc.
Third Parties and Purposes of Transfer of Personal Data
The procedures and principles to be applied in personal data transfers are regulated in Articles 8 and 9 of the KVK Law, and the personal data and sensitive personal data of the personal data owner can be transferred to third parties in the country and abroad. In order to perform its services, your personal data is limited to the Law and other legislation (Law No. 1774 on Identification, Law No. 6502 on the Protection of Consumers and other regulations related to these laws, regulations of supervisory and regulatory institutions and organizations, and situations required by public authorities). The Company's infrastructure providers, trainers, third parties, travel agencies, legal entities providing e-archive, e-waybill and e-invoice services, e-ledger, e-waybill and e-invoice. It can be shared with legal entities providing archive services, server service received from abroad for our websites, insurance companies, banks/financing companies, collection receivable companies for the collection of receivables, workplace doctor, real and legal persons with whom we have a proxy relationship, and our business partners. However, in any case, except for the exceptional cases listed in the KVK Law, personal data cannot be transferred without the explicit consent of the personal data owner.
9.2. Domestic Transfer of Personal Data
In accordance with Article 8 of the KVK Law, the transfer of personal data in the country will be possible provided that one of the conditions specified in the 6th section of this Policy, titled “Personal Data Processing Conditions” is met.
9.3. Transfer of Personal Data Abroad
In accordance with Article 9 of the KVK Law, in case personal data is transferred abroad, one of the following conditions is sought, in addition to fulfilling the conditions for domestic transfers:
- Counting the country to be transferred among the countries with adequate protection declared by the KVK Board
- In the event that there is no adequate protection in the country to which the transfer will be made, the data controllers in Turkey and in the relevant foreign country must undertake in writing an adequate protection and have the permission of the KVK Board.
Data is transferred abroad (Germany and USA) by our company.
9.4. Person Groups to which Personal Data are Transferred by Our Company
Our company may transfer the personal data of personal data owners within the scope of this Policy to the following groups of persons in accordance with Articles 8 and 9 of the KVK Law, within the framework of the stated purposes:
PERSON GROUPS |
DEFINITION |
PURPOSE OF TRANSFER |
Legally Authorized Public Institutions and Organizations |
Public institutions and organizations authorized to receive the information and documents of our Company in accordance with the provisions of the relevant legislation |
Limited to the purpose requested by the relevant public institutions and organizations within the framework of their legal authority. |
Legally Authorized Private Law Persons |
Private law persons authorized to receive information and documents from our Company in accordance with the provisions of the relevant legislation |
Limited to the purpose requested by the relevant private legal persons within their legal authority. |
In accordance with Article 10 of the KVK Law, personal data owners should be informed during the collection of personal data. In this context, our Company fulfills its obligation to inform on the following issues:
- Title of our Company as data controller
- For what purpose personal data will be processed
- To whom and for what purpose the processed personal data can be transferred
- Method and legal reason for collecting personal data,
- 12.1 of this Policy titled “Right of Application”. The rights of the personal data owner specified in the section
- Rights of Personal Data Owners and Use of These Rights
In accordance with Article 13 of the KVK Law, the evaluation of the rights of the personal data owners and the necessary information to the personal data owners are made through the Company Personal Data Application Form as well as this Policy. Personal data owners can send us their complaints or requests regarding the processing of their personal data within the framework of the principles specified in the relevant form.
In accordance with Article 11 of the KVK Law, anyone whose personal data is processed can apply to our Company and make requests regarding the following issues:
- Learning whether personal data is processed or not,
- If personal data has been processed, requesting information about it,
- To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
- Learning the third parties whose personal data are transferred in the country or abroad,
- Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
- Requesting their deletion, destruction or anonymization in the event that the reasons requiring the processing of personal data disappear, and requesting the notification of the transaction made in this context to the third parties to whom the personal data has been transferred,
- Objecting to the emergence of a result against the data owner by analyzing the processed data exclusively through automated systems,
- To request the compensation of the damage in case of loss due to unlawful processing of personal data.
11.2. Situations Outside the Scope of the Right to Apply
Pursuant to Article 28 of the KVK Law, personal data owners will not be able to assert their rights in the following cases:
- Processing of personal data by real persons within the scope of activities related to themselves or family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with.
- Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics.
- Processing of personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.
- Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security.
- Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
Pursuant to paragraph 2 of Article 28 of the KVK Law, data owners will not be able to assert their rights in the following cases, with the exception of the right to demand the compensation of the damage:
- The processing of personal data is necessary for the prevention of crime or for criminal investigation.
- Processing of personal data made public by the person concerned.
- Personal data processing is required by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution based on the authority granted by the law.
- The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.
In accordance with Article 13 of the KVK Law, our Company will conclude the application requests made by the personal data owner as soon as possible and within 30 (thirty) days at the latest, free of charge, depending on the nature of the request. Pursuant to Article 13 of the KVK Law, your application must be submitted to our Company in writing or by other methods determined by the KVK Board.
The application of the personal data owner may be rejected in the following cases:
- Preventing other people's rights and freedoms
- Requires disproportionate effort
- Information being publicly available
- Compromising the privacy of others
- Existence of one of the situations out of scope pursuant to the KVK Law
- Personal Data Processing Activities within the Company and Data Processing Activities on the Website
12.1. In-house Camera Monitoring
In order to protect the interests of our company and other people in ensuring the safety of our company and our factory, camera monitoring is carried out.
In line with the regulations in the KVK Law, this Policy is published by our Company on our website regarding the camera monitoring activity and a notification letter stating that monitoring is done is posted at the entrances of the areas where monitoring is performed.
There is no monitoring in areas that may result in interference with the privacy of the person. Only a limited number of Company employees and, if needed, security company employees who are suppliers can access the security camera recordings. The said persons who have access to the records declare that they will protect the confidentiality of the data they access with the confidentiality agreement they signed.
12.2. Entries and Exits of Persons Visiting the Company
Personal data processing activities are carried out to monitor the entrance and exit of our guests who visit our company. While obtaining the name-surname information of the people who come to our company, the said data is only processed for this purpose and the relevant personal data is recorded in the registration system in the physical environment.
Internet movements within the site are recorded so that the visitors of our company's website can display customized content and perform online advertising activities (technical means, for example, cookies) so that they can perform in accordance with the purposes of their visit. Detailed explanations about these activities of our company are included in the Privacy Policy texts on our website.
- customers
In the event that people who create a membership on the website or shop without being a member, create an account on the website; name, surname, gender, date of birth, e-mail address information; name, surname, e-mail, telephone number, address and credit card information in case of shopping on the website; Cookies are uploaded to the electronic device through the browser used and the IP number is in addition to the above, planning and execution of commercial activities, providing legal information to authorized institutions and organizations, receiving technological services that are not directly provided by us and that are not within our field of expertise, our business partners and / or third parties to our products and services. Planning and execution of the necessary audit activities to ensure that the activities are carried out in accordance with our Company's procedures and relevant legislation, corporate sustainability planning and execution of activities, carrying out studies to protect the reputation of our company, management of request and complaint processes, planning and execution of corporate governance and communication activities, delivery of the product you have purchased, issuance of invoice, sending commercial electronic messages if you give your consent, loyalty card program If you are a member of the loyalty card program, organizing campaigns and processing points, resolving product complaints, personalizing our advertising and marketing communications and making them more relevant to you, customizing, measuring and improving our website and services, It is processed in order to measure the performance of the website by using methods such as analyzing e-mail open and click-through rates, to monitor and improve the information security of the website, and to enable you to see advertisements about our website and services on third-party websites.
- Personal Data Protection Office
In order to fulfill the obligations in the KVK Law, the company makes the necessary assignments within the company for the implementation of the issues specified in this Policy and establishes the procedures accordingly. The Personal Data Protection Office has been established by the Company to manage this Policy and the procedures related to this Policy within the scope of the KVK Law. The office is responsible for allocating the necessary duties to raise awareness within the Company, following the audits to be made, taking the necessary actions for the resolution of the applications of the relevant persons, carrying out the relations with the KVK Institution, etc. has duties.
This Policy may be revised by the Company when deemed necessary. In case of revision, the most up-to-date version of the Policy will be posted on the Company's website.