PERSONAL DATA AND PRIVACY POLICY
In case of the web page www.dkdukkan.com owned by Mezura Sağlıklı Beslenme Dan. Ltd. Şti. ("The Company"), the rules in the "Personal Data and Privacy Policy" below apply in addition to the clarification texts regarding "membership, quick membership, and shopping transacrions" on the website.
1. Data Protection
Necessary measures are taken by the Company and/or third parties who receive service by the Company to ensure the security of the data obtained through cookies and the data entered by the visitors/members/customers (hereinafter referred to as the "customer") while browsing the website.
The information entered by the customer on the web page (except for the comments made under the product) is not seen by other customers.
6698s of data entered by the customer. In the case of personal data within the meaning of the Law on the Protection of Personal Data (“Law”), this data is collected following the fulfillment of the obligation to inform by Article 10 of the Law, by providing the legal reasons outlined in Article 5 of the Law.
To protect the data (personal data or not) shared by the customer with the Company, utmost care is given to both employees and third parties that need to be shared. The data is not shared with 3rd parties if it is not required, and when it is required to be shared, it is shared limited to the extent and purpose required by the sharing.
2. Cookies Running on the Web Page
Various types of cookies are used on the website www.dkdukkan.com. These are cookies such as session cookies, persistent cookies, essential cookies, functionality cookies, analytics cookies, commercial cookies, and third-party cookies.
Cookies enable the website to work properly and improve, personalize and improve the user experience, visit the websites without logging in, and/or send commercial-social notifications to the party (even if the internet browser and/or the relevant mobile application is closed, depending on the situation), and These are small pieces of data placed on computers and mobile devices to provide general or customized information, advertisements and promotions to site users-visitors both on the relevant site and on other sites (including social media networks and online advertising networks).
Cookies are kept on computers-devices for a suitable period of time, provided that the legal maximum period, if any, is not exceeded.
Visitors using our site (including mobile versions) accept the above-mentioned application, as well as the processing of the relevant cookies here, in the personal data legislation and other parts of this information text, for the purposes and scope-conditions, stipulated for your various information (including transfer-sharing and use to third parties in this framework). they are deemed to have done.
Visitors can remove cookies and/or stop the aforementioned notifications at any time by editing the settings of the program and/or operating system and/or internet browser on their devices (In this case, it should be known that our Site/related device/program may not work as desired and/or not be aware of the contents of the notification).
3. PAYMENT SECURITY
You can use two types of payment methods for your purchases on the web page: Using a card with a money order. If you pay by wire transfer, the Company does not access any information that would pose a risk to you. If you want to pay by card, the Company, ROT works with licensed payment institutions within the scope of the legislation. To obtain the aforementioned license, a certain security standard must be provided in the sector conditions, and in this sense, the Company aims to make your payment transaction secure.
4. WEBSITES AND LINKS TO OTHER PARTIES
There may be links to other websites and internet channels belonging to 3rd parties on the website of the Company. The Company does not guarantee the security and confidentiality procedures of the platforms to be accessed as a result of these links, and the Company cannot be held responsible for any damages that may occur to the customer.
5. POLICY ON THE PROTECTION OF INTERNAL PERSONAL DATA
Aim
6698s published in the Official Gazette dated 07.04.2016 and numbered 29677. The Personal Data Protection Law ("Law") regulates the principles and procedures to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, and the obligations of natural and legal persons who process personal data, and the procedures and principles to be complied with in the processing of personal data. Policy”) has been prepared to determine the procedures and principles regarding the storage and destruction activities of personal data carried out at the Company. In this sense, the work and transactions regarding the storage and destruction of personal data are carried out by the Policy.
Scope
Personal data belonging to “Company employees, employee candidates, interns, shareholders, supplier employees and officials, product or service buyers, representatives, visitors and other third parties” are within the scope of this Policy and personal data owned or managed by the Company are processed. This Policy applies to all recording media and activities for personal data processing.
Abbreviations and Definitions
- Recipient Group: The natural or legal person category to which personal data is transferred by the data controller.
- Explicit Consent: Consent on a specific subject, based on the information and expressed with free will.
- Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
- Employee: Company personnel.
- Electronic Media: Environments where personal data can be created, read, changed, and written with electronic devices.
- Non-Electronic Media: All written, printed, visual, etc. other than electronic media. other environments.
- Relevant Person: The natural person whose personal data is processed.
- Relevant User: Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for technical storage, protection, and backup of the data.
- Destruction: Deletion, destruction, or anonymization of personal data.
- Law: Law on Protection of Personal Data No. 6698.
- Recording Media: Any media containing personal data that are fully or partially automated or processed non-automatically, provided that it is part of any data recording system.
- Personal Data: Any information relating to an identified or identifiable natural person.
- Personal Data Processing Inventory: Personal data processing activities carried out by data controllers depending on their business processes; The inventory, which they have created by associating the personal data processing purposes and legal reason, the data category, the transferred recipient group, and the data subject group, by explaining the maximum storage period required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries, and the measures are taken regarding data security.
- Processing of Personal Data: Obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, All kinds of operations performed on data such as classification or prevention of use.
- Board: Personal Data Protection Board
- Sensitive Personal Data: Data about people's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or trade unions, health, sexual life, criminal convictions, and security measures. biometric and genetic data.
- Periodic Destruction: The deletion, destruction, or anonymization process that will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in case all the processing conditions of personal data in the law are no longer valid.
- Policy: Personal Data Retention and Disposal Policy
- Supplier: A natural or legal person who provides services within the framework of a certain contract with the Company.
- Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
- Data Registration System: The registration system in which personal data is processed and structured according to certain criteria.
- Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
- Data Controllers Registry Information System: An information system created and managed by the Presidency, accessible over the internet, to be used by data controllers in their application to the Registry and other related transactions.
- VERBIS: Data Controllers Registry Information System
- Regulation: About Deletion, Destruction, or Anonymization of Personal Data. Regulation
DISTRIBUTION OF RESPONSIBILITIES AND DUTIES
All units and employees of the company are responsible for the implementation of the technical and administrative measures taken within the scope of the Policy, the training and awareness of the unit employees, their monitoring and continuous supervision, and the prevention of unlawful processing of personal data, the prevention of unlawful access to personal data, and the prevention of personal data. It actively supports the responsible units in taking technical and administrative measures to ensure data security in all environments where personal data is processed to ensure that it is stored by the law.
RECORDING ENVIRONMENTS
Personal data is kept in the Company's servers, cloud providers, physical archives, and e-mail media.
EXPLANATIONS ON STORAGE AND DISPOSAL
Personal data is kept in the Company's servers, cloud providers, physical archives, and e-mail media. By The Company; Personal data belonging to “company employees, employee candidates, interns, shareholders, supplier employees and officials, product or service buyers, representatives, visitors and employees of other third parties, institutions or organizations contacted” are stored and destroyed by the Law. In this context, detailed explanations regarding storage and disposal are given below, respectively.
Remarks on Storage
In Article 3 of the Law, the concept of processing personal data is defined, in Article 4 it is stated that the processed personal data should be related to the purpose for which they are processed, limited, and measured, and should be kept for the period required for the purpose for which they are processed or as stipulated in the relevant legislation. counted. Accordingly, within the framework of our Company's activities, personal data is stored for a period of time stipulated in the relevant legislation or suitable for our processing purposes.
Legal Reasosns ofr Concealment
Personal data processed by the Company within the framework of the activities are kept for the period stipulated in the relevant legislation. In this context, personal data is stored based on the explicit consent of the person concerned or without the explicit consent of the person concerned, in case of one or more of the following reasons:
a) It is clearly stipulated in the laws,
- 6698s. Personal Data Protection Law,
- 5651s. About Arrangement of Broadcasts on the Internet and Fighting Against Crimes Committed Through These Broadcasts. Law,
- 6331s. Occupational Health and Safety Law,
- 6098s. Turkish Law of Obligations,
- 6102s. Turkish Commercial Law
- 213s. Tax Procedure Law
- 5510s. Social Insurance and General Health Insurance Law,
- 4982s. Freedom of Information Law,
- 3071s. Law on the Use of the Right to Petition,
- 4857s. Business rules,
- 6563s. About Regulation of Electronic Commerce. Law,
- 6502s. Consumer Protection Law,
- This and other laws and secondary legislation related to Company activity
b)It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
c)The person concerned has been made public by himself,
d)İlgili kişinin kendisi tarafından alenileştirilmiş olması,
e)Data processing is mandatory for the establishment, exercise, or protection of a right.
f)Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
Processing Purposes Requiring Storage
The company processes personal data within the framework of its activities for the following purposes:
- Execution of information security processes,
- Execution of candidate/intern/student selection and placement processes
- Execution of the application processes of employee candidates
- Fulfilling the obligations arising from the employment contract and legislation for the employees,
- Execution of fringe benefits and benefits processes for employees,
- Execution of employee satisfaction and loyalty processes,
- Conducting audit and ethical activities,
- Others,
- Execution of training activities,
- Execution of access authorizations,
- Execution of activities by the legislation,
- Execution of finance and accounting works,
- Ensuring physical space security,
- Execution of assignment processes,
- Follow-up and execution of legal affairs,
- Carrying out internal audit/investigation/intelligence activities,
- Execution of communication activities,
- Planning of human resources processes,
- Execution/supervision of business activities,
- Execution of occupational health/safety activities,
- Receiving and evaluating suggestions for improvement of business processes,
- Carrying out activities to ensure business continuity,
- Execution of goods/service purchasing processes,
- Execution of goods/service production and operation processes,
- Execution of goods/service sales processes,
- Execution of customer relationship management processes
- Organization and event management,
- Execution of performance evaluation processes,
- Execution of risk management processes,
- Execution of storage and archive activities
- Execution of social responsibility and civil society activities,
- Execution of contract processes,
- Execution of strategic planning activities,
- Follow-up of requests/complaints,
- Ensuring the security of data controller operations,
- Execution of investment processes,
- Carrying out talent/career development activities,
- Providing information to authorized persons, institutions, and organizations,
- Creation and tracking of visitor records
Reasons for Destruction
Personal Data;
- Changing or repealing the provisions of the relevant legislation, which is the basis for processing,
- The disappearance of the purpose that requires processing or storage,
- In cases where the processing of personal data takes place only based on explicit consent, the data subject withdraws his explicit consent,
- The Company accepts the application made for the deletion and destruction of personal data within the framework of the rights of the person concerned, under Article 11 of the Law,
- In cases where the company rejects the application made by the person concerned for the deletion, destruction, or anonymization of his personal data, finds the answer insufficient or fails to respond within the time stipulated in the Law; Making a complaint to the Board and this request being approved by the Board,
- In cases where the maximum period requiring the storage of personal data has passed and there is no condition to justify keeping the personal data for a longer period, it is deleted, destroyed or ex officio deleted, destroyed, or anonymized by the Company upon the request of the person concerned.
TECHNICAL AND ADMINISTRATIVE MEASURES
By Article 12 of the Law and the fourth paragraph of Article 6 of the Law, the Company provides technical assistance within the framework of adequate measures determined and announced by the Board for personal data to be stored securely, to prevent unlawful processing and access, and to destroy personal data by the law. and administrative measures are taken.
PERSONAL DATA DISPOSAL TECHNIQUES
At the end of the period stipulated in the relevant legislation or the storage period required for the purpose for which they are processed, personal data is destroyed by the Company or upon the application of the person concerned, again by the provisions of the relevant legislation, by using the "deletion, destruction or anonymization" technique that is suitable for the Company.
STORAGE AND DISPOSAL TIMES
Personal data processed by the Company within the framework of the activities are kept for the period stipulated in the relevant legislation..
PERIODIC DISPOSAL TIME
Under Article 11 of the Regulation, the Company has determined the period of periodic destruction as 6 months. Accordingly, periodic destruction is carried out at the Company in June and December each year. All employees are obliged to ensure that the data under their control is destroyed by this policy. In this context, they are obliged to notify those responsible for destruction at the end of their storage period.
PUBLICATION AND STORAGE OF THE POLICY
The policy is kept in the relevant file, which is kept with the Company, as a wet-signed (printed paper).
UPDATE PERIOD OF THE POLICY
The policy is reviewed as needed and the necessary sections are updated.
EFFECT AND REVOCATION OF THE POLICY
The policy is deemed to have entered into force on the date of signature.
If it is decided to be repealed, the old copies of the Policy with wet signatures are canceled by the Company's Board of Directors with the decision of the Company's Board of Directors and signed by the Company's Board of Directors (with an annulment stamp or an annulment) and are kept with the Company for at least 5 years.