Privacy Notice on Personal Data Protection
Within the scope of the Fulfilment of the Obligation to Inform of the Data Controller in accordance with the Personal Data Protection Law No. 6698 (“KVKK”) and the European Union 2016/679 General Data Protection Regulation (“GDPR”), we aim to inform you about your personal data processed by Gözen Security Services and Trade Inc. (“Company”, “we”) in the capacity of data controller with this Privacy Notice.
1. WHAT ARE YOUR PROCESSED PERSONAL DATA?
- Identity Information: Name-Surname
- Contact Information: E-mail address, Phone Number, Address Information
- Customer Transaction Information: Website usage information, preferences, likes, interests and usage habits, advertising ID (identity identifiers), billing information, request / complaint information, comments, points and evaluation information
- Transaction Security Information: Data about the device you use, such as device type, model, operating system and version, IP address, user transaction logs
2. WHAT ARE THE METHOD, PROCESSING PURPOSES AND LEGAL BASIS OF THE COLLECTION OF YOUR PERSONAL DATA?
Your personal data mentioned above are collected by automatic and/or partially automatic methods during the establishment of your relationship with us and during the continuation of the relationship in question, for the purposes and based on the reasons for compliance with the law set out below.
| PERSONAL DATA CATEGORY | PURPOSES | LEGAL BASIS |
- Identity Information
- Contact Information
- Customer Transacton Information
- Transaction Security Information
| - Execution of Communication Activities
- Execution of Customer Relationship Management Processes
- Execution of Activities for Customer Satisfaction
- Execution of Company / Product / Service Loyalty Processes
- Conducting Marketing Analysis Studies
- Execution of Advertising/Campaign/Promotion Processes
- Receiving and Evaluating Suggestions for Improvement of Business Processes
- Follow-up Requests / Complaints
- Providing Information on Personal Data Processing Processes
- Providing Information to Authorized Persons, Institutions and Organizations
| - Processing of your personal data is explicitly stipulated by legislation (KVKK m. 5/2-a)
- Processing of your personal data is necessary for fulfilling our legal obligations (KVKK m. 5/2-ç) (GDPR m. 6/1-c)
- Legitimate interest of the data controller (KVKK m. 5/2-f) (GDPR m. 6/1-f)
- Obtaining explicit consent (KVKK m. 5/1) (GDPR m. 6/1-a) (Only if you explicitly consent to commercial electronic messages, we obtain your explicit consent to contact you for this purpose).
|
3. TO WHOM YOUR PERSONAL DATA ARE TRANSFERRED AND WHAT ARE THE PURPOSES OF TRANSFER?
Your personal data can only be transferred to third parties in the following cases, being limited, associated and restrained with the purposes of the processing, in accordance with the provisions of the KVKK and GDPR regarding the transfer of personal data.
| RECIPIENTS | PURPOSES |
| Authorized Persons, Institutions or Organizations | To fulfill our legal obligations, to inform authorized persons, institutions, or organizations within the scope of our legal obligations, to carry out legal processes, and to conduct our business operations in accordance with the legislation. |
| Suppliers and Business Partners | Obtaining support from third parties within the scope of supplying goods or services (For example: advertising agencies etc.), ensuring business continuity, managing our relations with suppliers and business partners, conducting organizations and events. |
| Gözen Holding A.Ş. Group Companies | Some of the services offered by our company are carried out through our affiliates, your personal data may be shared with our relevant group companies in this context. Gözen Holding A.Ş. Group Companies may share your information with Holding Group Companies only when exceptionally necessary for the purpose of execution of administrative affairs, technical and technological activities. You may access the information of our Holding Companies at https://gozenholding.com/. |
4. IN CASE YOUR PERSONAL DATA IS TRANSFERRED ABROAD, WHAT ARE THE PURPOSES OF THE TRANSFER?
- In accordance with the provisions of the KVKK and GDPR regarding the transfer of personal data, limited, related and adequate (proportionate) to the purposes of the processing; for the purpose of obtaining support within the scope of supplying goods or services (e.g. advertising agencies etc.), ensuring business continuity, managing our relations with suppliers and business partners for the purpose of conducting organizations and events, your relevant personal data may be transferred to our suppliers and business partners abroad.
- We may transfer your personal data abroad for data storage and messaging services. Please be informed that your personal data may be transferred abroad since digital services such as cloud applications and storage, hosting, and messaging systems used by the Company are obtained from service providers located abroad.
5. WHAT DOES IT MEAN TO GIVE EXPLICIT CONSENT FOR COMMERCIAL ELECTRONIC COMMUNICATION?
Commercial electronic messages shall be sent to you in order to provide information about our services through the communication channel/channels you have selected, to promote our goods and services, and to inform you about our campaigns in line with your consent you have given while filling out our “Contact Form” on our website. Accordingly, your relevant personal data will be processed in accordance with the Regulation of Electronic Commerce Law No. 6563, and the Regulation on Commercial Communication and Commercial Electronic Messages.
You are in full control of your decision to give consent in this regard. You are not obliged to give any consent, and you may withdraw your consent at any time by informing the Company or through The Centralized Commercial Message Management System (“IYS”) – https://iys.org.tr.
Please be informed that the messages sent for non-marketing and service information purposes are outside the scope of commercial electronic messages pursuant to Article 6 of the Regulation on Commercial Communication and Commercial Electronic Messages and are not subject to the relevant consent. Even if you have not given the relevant consent, electronic messages may be sent to you by our Company for non-marketing purposes and to provide service information.
In accordance with the relevant legislation, your commercial electronic message permissions must be recorded in the Centralized Commercial Message Management System (“IYS”), and in this context, the contact address (phone number or e-mail address), permission date, communication channel, recipient type, and permission source data shall be shared with IYS. For detailed information about IYS, please visit https://iys.org.tr.
6. FOR HOW LONG YOUR PERSONAL DATA IS STORED?
Your personal data is not stored for longer than the required period. In accordance with our company procedure, the storage period of your personal data processed during your relationship with our Company is 10 years. At the end of this period, the data is destroyed.
In addition, our company is committed to ensuring the protection of your personal data. Therefore, technical and organisational measures are taken within the scope of KVKK and GDPR to protect your personal data from unauthorised access, use or disclosure.
7. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?
In accordance with the Article 11 of the KVKK, you have the following rights regarding your personal data;
- Right to be Informed: To learn whether personal data is processed, To request information if personal data is processed, To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
- Right of Access: To know the third parties to whom personal data are transferred domestically or abroad,
- Right to Rectification: To request correction of personal data in case of incomplete or incorrect processing,
- Right to Erasure: Request deletion or destruction of personal data,
- Right to Notification: In case of correction, deletion or destruction of personal data, to request notification of these transactions to third parties to whom personal data are transferred,
- Right of Objection: To object to the occurrence of a result to the detriment of the person himself/herself by analysing the processed data exclusively through automated systems,
- Right to Compensation: To demand compensation for damages in case of loss due to unlawful processing of personal data.
In accordance with the articles within Chapter 3 of the GDPR, you have the following rights regarding your personal data;
- Right to be Informed: Organisations must tell individuals what data is collected, how it is used, how long it will be stored and whether it will be shared with third parties.
- Right of Access: Individuals have the right to request a copy of the information an organisation holds on them.
- Right to Rectification:: Individuals have the right to correct inaccurate or incomplete data.
- Right to Erasure and to be Forgotten: In certain circumstances, individuals can ask organisations to erase personal data stored on them, including on the Internet.
- Right to Data Portability: Individuals can request organisations to transfer all data held on them to another company.
Right to Restriction of Data Processing: Individuals can request that an organisation limit the way it uses their personal data.
- Right to Object: Individuals have the right to object to certain types of processing, such as direct marketing.
- Rights relating to automated individual decision-making tools, including profiling: Individuals can ask organisations to provide a copy of their automated processing activities if they believe that data is being processed unlawfully. Organisations should also remind individuals that they are free to exercise their rights and explain how they can do so.
8. HOW TO USE YOUR RIGHTS?
In order to exercise these rights granted to the data subjects under Article 11 of KVKK and Article 3 of the GDPR, certain procedures are set out in the Communiqué on the Procedures and Principles of Application to the Data Controller. To exercise your rights and to get information about your rights;
- You can send your requests to the following address of our company by hand upon identification in person or through a notary public,
- Gözen Güvenlik Hizmetleri ve Ticaret Anonim Şirketi (Gözen Security Services and Trade Inc.), Yeşilköy Mahallesi Atatürk Caddesi No. 12/2 K.16 D. 459-460 Bakırköy / İstanbul,
- You can apply to our company’s dpo@gozensecurity.com e-mail address or our company’s registered electronic mail (KEP) gozenguvenlik@hs03.kep.tr address with your secure electronic signature and mobile signature or your e-mail address previously notified to us by you and confirmed by us in our systems.
