Privacy Policy
SİEDRES TEKSTİL SANAYİ VE TİCARET ANONİM ŞİRKETİ
PERSONAL DATA PROTECTION, PROCESSING AND DISPOSAL POLICY
INTRODUCTION
As Siedres Tekstil Sanayi ve Ticaret Anonim Şirketi ("Siedres" or "Company"), we respect and care about the security of your personal data and the privacy of your private life. We bring to your attention this Personal Data Protection, Processing and Destruction Policy ("Policy"), which is prepared to inform you about the processing, transfer, storage and destruction of your personal data that you have shared with us and your rights regarding the use and protection of your personal data within the scope of the Personal Data Protection Law No. 6698 ("KVKK" or "Law").
As explained in this Policy, your personal data may be recorded, archived, updated, transferred, classified and processed in the ways listed in the KVKK and the relevant legislation within the scope of the relevant legislation.
With this Policy, we have tried to provide you with all information regarding the processing of personal data in a clear and understandable manner. If you have any questions about our use of your personal data after reading the Policy, you can always contact us using the contact information below.
Siedres Tekstil Sanayi ve Ticaret Anonim Şirketi
Address: Merkez Mah. Bağlar Cad. No: 14C/6 Kagithane, Istanbul
Telephone Number: +90 850 242 64 69
E-mail Address: info@siedres.com
Web Address: www.siedres.com
The scope of this Policy applies to the processing, protection and destruction of all personal data of you, the data subject. This Policy applies to all recording environments where your personal data owned or managed by us are processed and to our activities for the processing of your personal data.
Commercial Communication Processes
If you give commercial communication permission/explicit consent, we process your identity (name-surname) and contact (phone number, e-mail address, address information) information for the purposes of general or personalized campaigns, advantages, promotions, advertisements, notifications, marketing activities and commercial communication activities (SMS, e-mail, call, etc.) for you, conducting surveys for customer satisfaction regarding our products and services, campaigns, contests, sweepstakes, invitations, invitations to openings and other events.
Sales Processes
We process your identity (name-surname, tax number if you are a corporate customer), contact (e-mail, mobile phone), customer transaction (offer, order, cargo information), billing information and the institution you work for the purposes of sending your products to you, communicating with you when necessary and regarding new order processes.
Legal Processes and Internal Activities
We process your identity, communication, shopping, billing and transaction security (log records) information in order to fulfill our obligations arising from the legislation and to fulfill our other legal obligations to authorized and authorized public institutions and organizations.
For the purposes of exercising all kinds of litigation, response and objection rights against official institutions and organizations such as courts, enforcement offices, arbitral tribunals in case of disputes arising, conducting negotiation and agreement processes regarding disputes, providing you with the necessary information if you request information from us, and internal audit, internal control and reporting, testing, We process your identity (name-surname), contact (telephone number, e-mail address, address), shopping, invoice, transaction security information (website membership, website purchases, log records regarding permission/explicit consent/contract approval within the scope of commercial communication) and legal transaction information (correspondence and file information regarding dispute processes) within the scope of development and improvement studies.
We process your identity, contact, shopping and order information and transaction security information in order to prevent the use of our website and other Siedres systems in violation of membership agreements, legislation and morality, to detect suspicious transactions and illegal uses, to block and unblock transactions.
We transfer your personal data to third parties only for the purposes specified in this Policy and in accordance with Articles 8 and 9 of KVKK.
In order for you to benefit from the services we provide in accordance with KVKK, your personal data that you share with us are shared with our business partners, natural persons or private legal entities and authorized institutions and organizations. In this context, the third parties to whom your personal data are transferred, and the purposes of transfer are as follows:
- With auditors during ordinary and special audits;
- With our legal advisors for the follow-up of receivables, execution of legal processes and protection of our company's interests;
- Public institutions and organizations authorized to request data;
- With the security company that automatically shares the camera recordings taken to ensure the security of the physical space;
- With the building security team, where visitor lists are shared regularly to ensure physical space security and entry and exit;
- With our service providers, agents and domestic and international business partners for the execution of transactions within the scope of the Siedres website;
- With our service provider supplier for the purpose of sending commercial electronic messages; and
- With our suppliers and business partners that we receive support within the scope of website visitor and member customer satisfaction processes.
In accordance with the law, we process your personal data in the categories of identity, contact information, website visitor and member customer transactions, finance, audio and visual records, transaction security. In terms of company employees, we also process your personal data in the categories of professional experience, education and personal data.
On our website, your internet movements within the site are recorded by technical means (e.g. cookies) in order to fulfill the obligations in the relevant legislation or to ensure that your visits to the site are carried out in accordance with your visit purposes; to show you customized content and to engage in online advertising activities. Campaigns are organized on the website we own and the websites of our business partners and personal data can be processed in these areas. We take the necessary technical and administrative measures regarding the protection and processing of personal data in relation to these activities we have carried out and inform you with detailed information texts on the relevant website.
We process your personal data for specific, explicit and legitimate purposes in accordance with the regulation in the KVKK, in accordance with the law and good faith, accurately and updated when necessary. Your processed personal data are processed in accordance with the principles of being connected, limited and proportionate to the purpose for which they are processed and are retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
Your personal data is securely stored in accordance with the law in the environments listed below:
Electronic Media |
Non-Electronic Media |
|
|
We store and destroy your personal data in accordance with the KVKK for the following legal reasons.
Your personal data processed within the framework of our activities are kept for the periods stipulated in the relevant legislation. In this context, your personal data can be processed for;
- Ensuring the continuation of the contractual relationship,
- Realization of commercial activity,
- Fulfillment of Siedres' legal obligations,
- Turkish Commercial Code No. 6102,
- Turkish Code of Obligations No. 6098,
- Law No. 6698 on the Protection of Personal Data,
- Law No. 6563 on the Regulation of Electronic Commerce,
- Banking Law No. 5411,
- Law No. 5510 on Social Security and General Health Insurance,
- Law No. 6331 on Occupational Health and Safety,
- Labor Law No. 4857,
- Law No. 6502 on Consumer Protection,
- Law No. 4054 on the Protection of Competition,
- Income Tax Law No. 193, and
- retention periods stipulated under other secondary regulations in force pursuant to these laws.
We store your personal data that we process within the framework of our activities for the following purposes:
- Conduction / supervising commercial activities,
- Carrying out human resources processes,
- Carrying out the Company's service and goods procurement, sales and marketing activities and to provide the necessary communication within this scope,
- Execution of after-sales support services for goods/services,
- Ensuring corporate communication,
- Ensuring company security and transaction security,
- Doing financial and statistical studies,
- Performing works and transactions within the framework of concluded contracts and protocols,
- Ensuring that legal obligations are fulfilled as required or mandated by legal regulations,
- Liaising with real/legal persons with whom we have a business relationship,
- Making legal reports,
- Managing customer/member processes,
- Executing risk management processes,
- Executing / supervising access authorizations,
- Managing fairs, organizations and other events,
- Executing advertising / campaign / promotion processes,
- Conducting selection and placement processes for the relevant person,
- Carrying out activities to ensure business continuity,
- Conducting performance evaluation processes,
- Carrying out storage and archive activities,
- Conducting talent/career development activities,
- Providing the burden of proof as evidence in future legal disputes.
In the cases listed below, it is accepted that the conditions for processing your personal data have disappeared:
- Amendment or abolition of the provisions of the relevant legislation that constitute the basis for processing personal data,
- The contract between the parties has never been established, the contract is not valid, the contract is automatically terminated, the contract is terminated or the contract is revoked,
- The purpose requiring the processing of personal data disappears,
- Processing of personal data is contrary to the law or good faith,
- In cases where the processing of personal data takes place only based on explicit consent, the data subject's withdrawal of consent,
- Acceptance by the data controller of the application made by the data subject regarding the personal data processing activity within the framework of the rights in subparagraphs (e) and (f) of Article 11 of the KVKK,
- In cases where the data controller rejects the application made by the data subject with the request for the deletion or destruction of personal data, the response is found insufficient or does not respond within the period stipulated in the KVKK; In case of a complaint to the KVK Board and this request is approved by the KVK Board,
- Although the maximum period for retaining personal data has elapsed, there are no circumstances that justify retaining personal data for a longer period,
- The disappearance of the conditions requiring the processing of personal data in Articles 5 and 6 of the KVKK.
In these cases, your personal data are deleted, destroyed or anonymized ex officio or upon your request in accordance with the periods specified in this Policy.
At the end of the period stipulated in the relevant legislation or at the end of the retention period required for the purpose for which they are processed, your personal data are destroyed by us ex officio or upon your application by the following techniques in accordance with the provisions of the relevant legislation.
Data Recording Environment |
Description |
---|---|
Personal Data on Servers |
For your personal data on the servers, deletion is made by the system administrator by removing the access authorization of the relevant users for those whose retention period has expired. |
Personal Data in Electronic Media |
Those of your personal data stored in electronic media whose period of retention has expired shall be made inaccessible and non-reusable in any way for employees (relevant users) other than the database administrator. |
Personal Data in Physical Environment |
For your personal data kept in the physical environment, those that expire, except for the unit manager responsible for the document archive, are rendered inaccessible and non-reusable in any way for other employees. In addition, the blackout process is also applied by scratching/painting/erasing in such a way that it cannot be read. |
Personal Data on Portable Media |
Your personal data stored in flash-based storage media, which expire after the period of time required for storage, are encrypted by the system administrator and stored in secure environments with encryption keys, with access authorization given only to the system administrator. |
Data Recording Environment |
Description |
Personal Data in Physical Environment |
Those of your personal data in paper media whose retention period has expired are irreversibly destroyed in paper shredding machines. |
Personal Data in Optical / Magnetic Media |
Physical destruction of your personal data on optical media and magnetic media, such as melting, incineration or pulverization, is applied to those whose retention period has expired. |
We anonymize the data that can be used in statistics and reporting. Within the scope of anonymization, your personal data is rendered unassociable with an identified or identifiable natural person, even by appropriate techniques in terms of the recording medium and the relevant field of activity, such as the return of data by us or third parties and/or the matching of data with other data.
Your processed personal data are processed in accordance with the principles of being connected, limited and proportionate to the purpose for which they are processed and are retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed. Regarding your personal data being processed within the scope of our activities;
- Retention periods on personal data basis for all personal data within the scope of activities carried out depending on the processes in the data inventory; and
- Process-based retention periods are included in this Policy.
These retention periods are updated by us if necessary. At the end of the retention periods, the relevant data is deleted, destroyed or anonymized within six (6) months, which is the periodic destruction period. Accordingly, we perform periodic destruction in June and December each year.
Retention and Destruction Periods by Process:
Process |
Storage Time |
Destruction Period |
---|---|---|
Human Resources Processes (Employees) |
10 years - From the termination of the employment relationship. Within the scope of Law No. 6331. |
At the first periodic destruction following the end of the storage period. |
Employee Candidate Evaluation Processes |
3 years - from the end of the negotiation. |
At the first periodic destruction following the end of the storage period. |
Conclusion of Contracts with Service Providers, Processing of Contracts and Communication |
10 years - from the termination of the contractual relationship. |
At the first periodic destruction following the end of the storage period. |
Website Visitor / Member Customer Transactions - Website Visitor / Member Customer Financial Analysis - Service Analysis |
10 years - from the termination of the contractual relationship. |
At the first periodic destruction following the end of the storage period. |
Marketing Activities |
10 years - from the termination of the contractual relationship. |
At the first periodic destruction following the end of the storage period. |
Emergency - Risk Management and Accident Reporting |
10 years - from the termination of the contractual relationship. |
At the first periodic destruction following the end of the storage period. |
Resolving Website Visitor / Member Customer Complaints Received via social media or E-Mail |
5 years - From the resolution of customer/member complaints. |
At the first periodic destruction following the end of the storage period. |
Incoming Notifications |
10 years - from the date of receipt. |
At the first periodic destruction following the end of the storage period. |
Contracts |
10 years - from the end of the contract. |
At the first periodic destruction following the end of the storage period. |
Security Camera Recordings |
2 years - from the date of registration. |
At the first periodic destruction following the end of the storage period. |
We have made the necessary assignments and established the relevant channels in order to respond to your questions as soon as possible. In this context, we have adopted the principle of realizing administrative and technical arrangements in order to respond to your questions in a short time and updating and changing them in accordance with the conditions of the day.
As the personal data owner, from our Company, which is the data controller, you have the right
- to learn whether your personal data is being processed,
- request information if this data has been processed,
- to learn the purpose of processing personal data and whether they are used in accordance with their purpose,
- If personal data is transferred both domestically and abroad, learn the persons and places of transfer,
- to request correction of your personal data in case of incomplete or incorrect processing,
- to request the deletion or destruction of your personal data in case the reasons requiring the processing of your personal data disappear,
- If your personal data is corrected or destroyed, to request that this matter be notified to third parties to whom the data has been transferred,
- object to unfavorable results arising from analysis exclusively through automated systems, and
- to demand compensation for damages in case you suffer damage due to unlawful processing of your personal data.
Your personal data will be destroyed or anonymized upon your request, except for personal data that no longer have a purpose for data processing, the expiration of the statute of limitations and the expiration of the retention periods specified in the Personal Data Policy at www.siedres.com and/or personal data that must be kept by law.
As the owner of personal data, you can request your data from our Company as the data controller within the above scope by sending an e-mail to the registered electronic mail address (KEP) specified in the application form on our website, or by sending a notification via notary public or by registered mail with return receipt requested, or by applying in person to "Merkez Mah. Bağlar Cad. No: 14C/6 Kağıthane, Istanbul" address in person, you can make a request from our Company as the data controller about your data within the scope above.