This Clarification Text is related to the processing of personal data of the Company's customers by BonitoFav Anonim Şirketi within the scope of the Law on the Protection of Personal Data No.6698 and other relevant legal regulations and the Communiqué on the Procedures and Principles to be followed in the Fulfillment of the Disclosure Obligation issued by the Personal Data Protection Authority. The obligation of disclosure has been prepared to fulfill the principles and procedures.
1) For What Purpose Is Personal Data Processed?
2) For Which Purposes Is The Processed Personal Data Transferred To?
3) What Are the Methods and Legal Reasons for Obtaining Personal Data?
4) What are the rights granted by Article 11 of the Law?
You can find detailed information about the processing of your personal data within the scope of this Clarification Text from BonitoFav Company's Personal Data Protection and Processing Policy at [www …………………… .com].
DEFINITIONS
1) Explicit consent: Consent on a specific subject, based on information and declared with free will,
2) Anonymization: Making personal data unidentified or identifiable in any way, even by matching with other data,
3) Related person: Real person whose personal data is processed,
4) Personal data: All kinds of information regarding an identified or identifiable natural person,
5) Processing of personal data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over personal data fully or partially automatically or by non-automatic means provided that it is part of any data recording system. All kinds of operations performed on data such as making it available, classifying or preventing its use,
6) Board: The Personal Data Protection Board,
7) Authority: Personal Data Protection Authority,
8) Data processor: A natural or legal person who processes personal data on behalf of the data controller,
9) Data recording system: The recording system in which personal data are structured and processed according to certain criteria,
10) Data controller: refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
1) For What Purpose Is Personal Data Processed?
Your personal data are collected and processed for the following reasons, provided that BonitoFav A.Ş. is limited to the conditions and rules specified in the law.
- To provide development in product, service, sales, marketing, advertising issues, to gain momentum towards improvement,
- to be able to promote and carry out marketing on issues such as product, service, sales,
- To carry out the necessary work and carry out all processes related to this in order to carry out the commercial activities carried out by the company without any missing elements
-For the purposes of planning and execution of commercial and / or business strategies and ensuring the legal, technical and commercial-business security of the relevant persons,
- Fulfillment of data storage, reporting and information obligations requested by judicial and administrative authorities,
- Full execution of legal obligations, rights and responsibilities as required or required by legal regulations,
- To carry out advertising, promotion, marketing, sales and information activities
- Detection and control of the customer base,
- Backup to prevent any data loss,
- To benefit from all kinds of tools and opportunities at the point of establishing communication,
-Detection of website visitors and not recording them,
-All other purposes specified in the KVKK and relevant legislation.
2) To Whom and For What Purposes Are Processed Personal Data Transferred?
Personal data collected and processed by the company, within the framework of the personal data processing conditions and purposes specified in the Law, the products and services offered by the company are customized according to the likes, usage habits and needs of the relevant people, and the planning and execution of the activities required for the promotion and promotion of the relevant persons. To carry out the necessary work by the business units to benefit the relevant persons from the products and services offered by the Company and to carry out the relevant business processes, to carry out the necessary work by the relevant business units for the realization of the commercial activities carried out by the Company and to carry out the related business processes, or the planning and execution of business strategies, and for the purposes of ensuring the legal, technical and commercial-business security of the Company and the relevant persons who have a business relationship with the Company and for all the reasons mentioned above, Bees and their suppliers, legally authorized institutions and organizations, legal and administrative authorities, affiliated companies, solution partners, official authorities and institutions in order to fulfill legal obligations, legally authorized private law legal entities.
3) Method of Obtaining Personal Data and What are its Legal Reasons?
Personal data is collected within our company, including all kinds of verbal and written areas, including electronic or physical media. Your personal data collected for legal reasons specified in the disclosure text submitted to your information prepared herein and within the framework of the personal data processing conditions specified in the Law and other relevant legislation, after the necessary information has been given to the relevant person, and without any pressure, in cases requiring explicit consent in written or electronic environment, and can be processed and shared.
Personal Data can be processed even without the consent of the relevant person in the presence of the following situations listed in the KVKK:
- Explicitly stipulated in the laws
- It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid.
- It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
- It is mandatory for the data controller to fulfill its legal obligation.
- The person concerned is made public by himself.
- Data processing is mandatory for the establishment, exercise or protection of a right.
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.
In the processing of special quality data, the law and the decisions of the Personal Data Protection Board are followed. The express consent condition and other special conditions determined by law are meticulously complied with.
4) What are the rights granted by Article 11 of the Law?
As personal data owners, if you submit your requests regarding your rights stated below to the Company using the methods specified under the heading of Exercise of Rights by Data Owners, your requests will be evaluated and concluded by our Company as soon as possible and in any case within 30 (thirty) days.
-Everyone about himself by contacting the data controller;
a) Learning whether personal data is being processed,
b) Requesting information if personal data has been processed,
c) To learn the purpose of processing personal data and whether they are used appropriately for their purpose,
ç) To know the third parties in the country or abroad to whom personal data are transferred,
d) To request correction of personal data in case of incomplete or incorrect processing,
e) Request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
f) requesting that the transactions made pursuant to paragraphs (d) and (e) be notified to third parties to whom personal data are transferred,
g) To object to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
ğ) In case of damage due to the processing of personal data illegally, it has the right to demand the compensation of the damage.
Exercise of Rights by Data Owners
• Data owners will be able to use the "Form Regarding Applications Made to the Data Supervisor by the Personal Data Owner" in the link [ww …………… .. ……… ..com] to use the rights mentioned above.
• Applications will be made with one of the following methods, together with the documents that will determine the identity of the relevant data owner:
• filling in the form of a wet hand-signed copies, notary or via registered mail return receipt [............................................................... ..- Turkey] be forwarded to the address,
• Signing the form with a secure electronic signature regulated within the scope of Electronic Signature Law No. 5070 and sending it via registered e-mail to […………………… ..] hs02.kep.tr,
• Following a method prescribed by the Personal Data Protection Board.
• The company responds within thirty (30) days at the most to data owners who want to exercise their rights within the framework of the limits stipulated in the Law. In order for third parties to make an application request on behalf of personal data owners, a special power of attorney issued by the data owner through a notary public must be available for the person to apply.
• As a rule, data subject applications are processed free of charge, however, when necessary, charges can be made over the tariff stipulated by the Personal Data Protection Board.
• The company may request information and documents from the relevant person in order to determine whether the applicant is the owner of personal data, and in order to clarify the matters specified in the application, the personal data owner may ask a question about his application.