1. PURPOSE
As BURDEN İPEK TEKSTİL SANAYİ VE TİCARET ANONİM ŞİRKETİ; The processing and data of real persons, including our members, customers, visitors, suppliers and employees, in accordance with the relevant legislation, in particular the Constitution of the Republic of Turkey, the International Conventions on human rights to which our country is a party, and the Law on the Protection of Personal Data No. 6698 (“KVKK”). It is our priority to ensure that the rights of the persons who are processed are used effectively.
Therefore, but not limited to those listed; BURDEN İPEK TEKSTİL SANAYİ VE TİCARET ANONİM ŞİRKETİ Personal Data Protection and Processing We perform in accordance with its Policy (“Policy”).
Protecting personal data and observing the fundamental rights and freedoms of natural persons whose personal data are collected are the basic principles of our policy regarding the processing of personal data. For this reason, we carry out all our activities in which personal data are processed, by protecting the privacy of private life, confidentiality of personal information, confidentiality of communication, freedom of thought and belief, and using effective legal remedies.
For the purpose of protecting personal data, we take all administrative and technical protection measures required by the nature of the data in accordance with the legislation and up-to-date technology.
This Policy explains the methods we follow for the processing, storage, transfer and deletion or anonymization of personal data shared during our commercial, promotional-marketing or social responsibility and similar activities within the framework of the principles mentioned in the KVKK.
2. SCOPE
All personal data processed by the Company, including our visitors, business contacts, business partners, employees, suppliers, members, third parties, are within the scope of this Policy.
Our policy is implemented in all activities related to the processing of personal data owned or managed by the Company, and has been handled and prepared by considering the KVKK and other relevant legislation regarding personal data and international standards in this field.
3. DEFINITIONS and ABBREVIATIONS
In this section, special terms and phrases, concepts, abbreviations etc. in the Policy. briefly explained.
- Burden İpek: BURDEN İPEK TEKSTİL SANAYİ VE TİCARET ANONİM ŞİRKETİ
- Explicit Consent: Consent, based on information and free will on a particular subject, with a clear and unambiguous, limited only to that transaction.
- Anonymization: It is the rendering of personal data in no way associated with an identified or identifiable natural person, even by matching with other data.
- Employee: Company Personnel.
- Personal Data Owner (Relevant Person): The real person whose personal data is processed.
- Personal Data: Any information relating to an identified or identifiable natural person.
- Special Qualified Personal Data: People's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, health information, fingerprints, clothing, association, foundation or union membership, health, sexual life, criminal conviction , and data on security measures, as well as biometric and genetic data.
- Processing of Personal Data: Obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system. or any kind of operation performed on the data, such as preventing its use.
- Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
- Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
- KVK Board: Personal Data Protection Board.
- KVK Institution: Personal Data Protection Authority.
- KVKK : The Law on Protection of Personal Data published in the Official Gazette dated 7 April 2016 and numbered 29677.
- Policy: BURDEN İPEK TEKSTİL SANAYİ VE TİCARET ANONİM ŞİRKETİ Policy on Protection and Processing of Personal Data.
4. ROLE AND RESPONSIBILITIES
4.1. Board of Directors
The Board of Directors is responsible for the oversight of the determination and operation of notification, review and sanction mechanisms in case of non-compliance with the Policy, rules and regulations.
Personal Data Protection and Processing Policy has been approved by the Board of Directors.
It is the authorized approval mechanism to ensure that the policy is created, implemented and updated when necessary.
4.2 Control Unit
By taking the necessary measures for the compliance of the foreign service companies with the Policy together with the employees involved.
The Audit Unit is responsible for examining the issues in order to examine the issues contrary to the policy.
4.3 Information Systems Commission
The Information Systems Commission is responsible for the preparation, development, execution and updating of this Policy. It evaluates this Policy in terms of timeliness and development needs when necessary.
It is the responsibility of the Information Systems Commission Manager to publish the prepared document on the institution portal.
5. LEGAL OBLIGATIONS
Legal obligations within the scope of protection and processing of personal data as a data controller in accordance with KVKK are listed below:
5.1. Our obligation to inform
While collecting personal data as a data controller;
- For what purpose your personal data will be processed
- Our identity, information on the identity of our representative, if any
- To whom and for what purpose your processed personal data can be transferred
- The way we collect data and the legal reason
- We have an obligation to inform the Related Person about the rights arising from the law.
As a company, we take care to ensure that this Policy, which is open to the public, is clear, understandable and easily accessible.
5.2. Our obligation to ensure data security
As the data controller, we take the administrative and technical measures stipulated in the legislation to ensure the security of the personal data in our responsibility. Obligations and measures regarding data security are detailed in the 9th and 10th sections of this Policy.
6. CLASSIFICATION OF PERSONAL DATA
6.1. Personal data
Personal data; all kinds of information regarding an identified or identifiable natural person.
The protection of personal data is only related to real persons, and information belonging to legal entities that do not contain information about the real person is excluded from personal data protection. Therefore, this Policy does not apply to data belonging to legal entities.
6.2. Special categories of personal data
Data on people's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, their clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data are privately owned. qualified personal data.
7. PROCESSING PERSONAL DATA
7.1. Our personal data processing principles
We process personal data in accordance with the principles below.
7.1.1. Processing in accordance with the law and honesty rules
We process personal data in accordance with the rules of honesty, transparently and within the framework of our disclosure obligation.
7.1.2. Ensuring that personal data is accurate and, where necessary, up to date
We take the necessary measures in our data processing procedures to ensure that the processed data is accurate and up-to-date. We also allow the Personal Data Owner to apply to us to update their existing data and to correct any errors in their processed data, if any.
7.1.3. Processing for specific, explicit and legitimate purposes
Personal data as a company; We operate within our legitimate aims, the scope and content of which are clearly defined and determined to continue our activities within the framework of the legislation and the ordinary course of commercial life.
7.1.4. Personal data must be connected, limited and measured for the purpose for which they are processed.
We process personal data in connection with the purpose we have clearly and precisely determined, in a limited and measured way.
We avoid the processing of personal data that is not relevant or does not need to be processed. For this reason, we do not process personal data of a private nature unless there is a legal requirement, or we obtain express consent when we need to process it.
7.1.5. Storage of personal data for the duration of our legitimate commercial interests and stipulated by legal regulations
Many regulations in the legislation require personal data to be kept for a certain period of time. For this reason, we keep the personal data we process for as long as required by the relevant legislation or for the purposes of processing personal data.
In the event that the storage period stipulated in the legislation expires or the purpose of the processing is lost, we delete, destroy or anonymize personal data. Our principles and procedures regarding retention periods are stated in 9.1 of this Policy. detailed in the article.
7.2. Our purposes for processing personal data
We process personal data for the purposes listed below:
- To carry out our commercial activities
- To provide support services within the scope of the contract and within the framework of service standards
- To determine the preferences and needs of our members/visitors and to shape and update the services we provide within this scope.
- To ensure that our legal obligations are fulfilled as required or required by legal regulations.
- Evaluating job applications
- Liaising with people who have a business relationship with the company
- Marketing
- Supporting the training, development and career processes of our employees
- Compliance management
- Vendor / supplier management
- legal reporting
- Billing
- Running Burden İpek and the burdenipek.com Membership System
- Providing communication between Burden İpek employee candidates and employers
- Managing call center processes
- To provide corporate communication
- Individualizing all campaigns of Burden İpek and making offers and promotions according to their interests.
- To provide communication between the company and the transportation or technical service after the purchase of the product, especially for Burden İpek
- Sending newsletters by SMS, e-mail, doing marketing activities or making notifications.
7.3. Processing of special categories of personal data
Special categories of personal data are processed by us by taking the administrative and technical measures envisaged by the laws and by the KVK Board, if there is express consent, or when required by the legislation.
Since sensitive personal data related to health and sexual life can be processed by persons or authorized institutions and organizations under the obligation of keeping confidentiality, for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, It is not processed by us other than the data of our employees. Such data belonging to our employees can be processed by the persons stipulated in the laws.
7.4. Processing personal data collected through cookies
We use cookies to improve the functioning and use of our websites or mobile applications, and we try to make the time you spend on our digital platforms more productive and enjoyable. In addition, we use some cookies to remember the choices you make on our websites and mobile applications, thus providing you with an improved and personalized experience.
We can collect your personal data, process, transfer and store the data we collect through cookies on our digital platforms.
You can find detailed information about the cookies we use in the "Burden İpek Privacy Policy".
7.5. Processing of personal data for recruitment and employment purposes
Your CV, diploma, photograph, etc. that you share with us during the application process as an employee candidate. We process, store and transfer your personal data in other documents for the purpose of job application evaluation. The processing, transfer and storage of the personal data you share as an employee candidate is within the scope of this Policy.
Personal data of the Employee; Apart from this Policy, Burden İpek is collected, processed and stored within the framework of Human Resources.
7.6. Processing of personal data collected within the scope of other memberships provided through the burdenipek.com membership system
Visitors to subscribe to digital platforms through burdenipek.com system;
- Name surname
- Email address
- Phone number
- Date of Birth-TC ID
They create a membership in the system by sharing their information with us.
Deletion, destruction or anonymization of personal data within the scope of this platform is within the scope of Article 9 of this Policy.
7.7. Processing of personal data collected within the scope of Job Application
Personal data obtained through application forms, CVs and applications made to intermediary institutions will be recorded to be used for the evaluation of the job application.
They are advised to review their personal data processing and privacy policies.
Those who apply with the Application Form;
- Identity information (name, surname, date of birth, TR ID number)
- Contact information (address, e-mail address, phone number, etc.)
- Educational information (graduated schools, etc.)
- Work experiences
- foreign language knowledge
- Computer skills
- Certificate
- Reference
- Photo
- health data
- General information such as driver's license/travelability etc.
They create a resume by sharing their information. Depending on the nature of the application, the employer may request additional photographic-health data from the member who creates the CV in order to evaluate whether he is qualified for the job in question. The requested health information is processed only for employment purposes within the scope of the relevant legislation.
The information shared by the applicants within the scope of the CV can be viewed by the employer companies. Within the scope of the legislation, it stores the identity, education and profession information of the APPLICANT and can transfer these data to solution partners, public institutions and organizations upon request.
Deletion, destruction or anonymization of personal data within the scope of this platform is within the scope of Article 9 of this Policy. In the event of a negative result of the job application process, the processing and data security of personal data shared with the employer is the responsibility of the employer.
7.8. Processing of personal data collected within the scope of Purchase Transactions
When a purchase is made, the financial information of the CUSTOMER is transferred to individuals and institutions such as bank or credit card companies to perform the transaction. Data transferred;
- Credit Card Number
- Expiration date
- CVV2
or data related to payment purposes, such as bank account information.
During the purchase, data such as invoice and payment information of the customer (name, surname, tc, phone number, invoice address), invoices sent and receipt samples of payments received from members, payment number, invoice amount, invoice number, invoice date are obtained. . These data; managing the invoicing process, accounting, after-sales services, communication, marketing, auditing, control, and payment service providers. When the purchase is made, the financial information of the customer is transferred to persons such as banks or credit card companies in order to carry out the transaction. Credit card information is not kept in Burden İpek databases.
During shopping, video recording is made in stores for security purposes and to view cashier transactions. In distance sales made by phone, voice recordings are taken in order to make safe sales.
The aforementioned data are transferred in accordance with Article 8 of this Policy and shared with third parties.
Deletion, destruction or anonymization of personal data within the scope of this platform is within the scope of Article 9 of this Policy.
7.9. Exceptional cases where express consent is not sought in the processing of personal data
In exceptional cases listed below and arising from the law, we may process personal data without express consent:
- expressly stipulated in the law
- It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract
- Data processing is mandatory for the establishment, exercise or protection of a right
- It is necessary for us to process your data for our legitimate interests as data controller, provided that it does not harm fundamental rights and freedoms.
Exceptional cases where sensitive personal data can be processed without the explicit consent of the Relevant Person are specified in article 7.3 of this Policy.
8. TRANSFER OF PERSONAL DATA
8.1. Transfer of personal data to the country
As a company, we act in line with the decisions and regulations stipulated in the KVKK and taken by the KVK Board regarding the transfer of personal data.
Without prejudice to the exceptional circumstances in the legislation, personal data and sensitive data are not transferred to other real persons or legal entities without the explicit consent of the Relevant Person.
In exceptional cases stipulated by the KVKK and other legislation, the data may be transferred to the authorized administrative or judicial institution or organization in the manner prescribed by the legislation and within the limits, without the explicit consent of the Relevant Person.
In addition, with the exceptional circumstances stipulated by the legislation;
- In cases described in the Policy
- Regarding special categories of personal data, in the cases listed in the Policy
- With the taking of the measures stipulated by the KVK Board and the relevant legislation, personal data of a private nature and to the health of the Relevant Person can only be kept confidential for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing. It can be transferred to persons or authorized institutions and organizations that are under the obligation to keep it, without seeking explicit consent.
8.2. Transfer of personal data abroad
As a rule, personal data is not transferred abroad without the explicit consent of the Relevant Person. However, in cases where one of the exceptional cases of this Policy exists, third parties abroad can only:
- Being in countries with sufficient protection declared by the KVK Board
- If it is located in countries where there is no adequate protection, the data controllers in Turkey and in the foreign country in question must undertake an adequate protection in writing and the KVK Board has permission
In such cases, personal data may be transferred abroad without express consent.
8.2.1. Transfer of personal data abroad for the purposes of providing our services and marketing activities
We work with service providers located abroad for purposes such as developing the website and digital platforms, conducting surveys, increasing the variety of products and services according to the preferences of visitors and members, and measuring user experience. It is recommended to examine the relevant policies of the service providers it cooperates with regarding the processing and protection of personal data.
8.3. Institutions and organizations to which personal data are transferred
Personal data;
- To our suppliers
- To our business partners and business contacts
- To technical services
- To shipping companies
- To cargo companies
- Legally authorized public institutions and organizations
- Legally authorized private legal persons
- It can be transferred to our partners according to the principles and rules described above.
- Independent audit firms
8.4. Measures we take regarding the legal transfer of personal data
8.4.1. technical measures
To protect personal data, but not limited to those listed;
- To make in-house technical organization for the processing and storage of personal data in accordance with the legislation.
- It creates the technical infrastructure to ensure the security of the databases where your personal data will be stored.
- Follows and controls the processes of the technical infrastructure created
- It determines the procedures for reporting the technical measures and audit processes we take.
- Periodically updates and renews technical measures.
- Risky situations are re-examined and necessary technological solutions are produced.
- It uses virus protection systems, firewalls and similar software or hardware security products and establishes security systems in line with technological developments.
- We employ employees who are experts in technical matters.
8.4.2. Administrative measures
To protect your personal data, but not limited to those listed;
- Establishes policies and procedures for accessing personal data, including company and subsidiary employees within our company.
- Informs and educates our employees about the legal protection and processing of personal data.
- In the contracts we make with our employees and / or the policies we create, the company records the measures to be taken in cases where personal data are illegally processed by our employees.
- We monitor the processing of personal data of the data processors we work with or the partners of the data processors.
9. STORAGE OF PERSONAL DATA
9.1. Keeping personal data for the period required by the relevant legislation or for the purpose for which they are processed.
We keep personal data for as long as required by the purpose of processing personal data, without prejudice to the storage periods stipulated in the legislation.
In cases where we process personal data for more than one purpose, the data is deleted, destroyed or anonymized and stored if the purposes of processing the data disappear or there is no legal obstacle to the deletion of the data upon the request of the Relevant Person. The provisions of the legislation and KVK Board decisions are complied with regarding destruction, deletion or anonymization.
9.2. Measures we take regarding the storage of personal data
9.2.1. technical measures
- It creates technical infrastructures and related control mechanisms for the deletion, destruction and anonymization of personal data.
- Takes necessary measures to keep personal data safe
- Employs employees with technical expertise
- It creates business continuity and emergency plans against possible risks and develops systems for their implementation.
- We establish security systems in accordance with technological developments regarding the storage areas of personal data.
9.2.2. Administrative measures
- Raising awareness by informing our employees about the technical and administrative risks related to the storage of personal data
- In case of cooperation with third parties for the storage of personal data, contracts made with companies to which personal data are transferred; We include provisions regarding taking the necessary security measures for the protection and safe storage of the transferred personal data of the persons to whom personal data is transferred.
10. SECURITY OF PERSONAL DATA
10.1. Our obligations regarding the security of personal data
Personal data;
- To prevent illegal processing,
- To prevent illegal access,
- To ensure that it is stored in accordance with the law,
We take administrative and technical measures according to technological possibilities and implementation costs.
10.2. Measures we take to prevent unlawful processing of personal data
- Carries out and has the necessary inspections made within our company,
- Training and informing our employees about the legal processing of personal data,
- The activities carried out by our company are evaluated in detail for all business units, and as a result of the said evaluation, personal data is processed specifically for the commercial activities carried out by the relevant units,
- In contracts made with companies that process personal data, in cases where cooperation is made with third parties for the processing of personal data; It includes provisions regarding the taking of necessary security measures by the persons who process personal data,
- In case of unlawful disclosure of personal data or data leakage, we notify the KVK Board about the situation and carry out the investigations stipulated by the legislation and take the measures.
10.2.1. Technical and administrative measures taken to prevent unlawful access to personal data
To prevent unlawful access to personal data;
- Employs employees with technical expertise,
- Periodically updating and renewing the technical measures,
- Establishes access authorization procedures within our company,
- It determines the procedures regarding the reporting of the technical measures and audit processes we take,
- It creates the data recording systems used in our company in accordance with the legislation and makes periodic audits,
- It creates emergency aid plans against the risks that may occur and develops systems for their implementation,
- We train and inform our employees about accessing and authorizing personal data,
- In contracts with companies that provide access to personal data, in cases where cooperation is made with third parties for activities such as processing and storage of personal data; It includes provisions regarding taking the necessary security measures of persons accessing personal data,
- We establish security systems within the scope of technological developments in order to prevent unlawful access to personal data.
10.2.2. Measures we take in case of unlawful disclosure of personal data
LinkWe take administrative and technical measures to prevent the unlawful disclosure of personal data and update them in accordance with our relevant procedures. If we detect that personal data has been disclosed without authorization, we establish systems and infrastructures to notify the Related Person and the KVK Board.
In case of an unlawful disclosure despite all the administrative and technical measures taken, this may be announced on the website of the KVK Board or by any other method, if deemed necessary by the KVK Board.
11. RIGHTS OF PERSONAL DATA SUBJECT
Within the scope of our disclosure obligation, we inform the Personal Data Owner and establish systems and infrastructures for this information. We make the necessary technical and administrative arrangements for the Personal Data Owner to exercise their rights regarding their personal data.
On the Personal Data Owner's personal data;
- Learning whether personal data is processed
- If personal data has been processed, requesting information about it
- Learning the purpose of processing personal data and whether they are used in accordance with the purpose
- Knowing the third parties to whom personal data is transferred at home or abroad
- Requesting correction of personal data if it is incomplete or incorrectly processed
- To request the deletion or destruction of personal data in case the reasons requiring the processing of personal data disappear
- Requesting notification of the above-mentioned correction, deletion or destruction processes to third parties to whom personal data has been transferred
- Objecting to the emergence of an unfavorable result by analyzing the processed data exclusively through automated systems
- In the event that personal data is damaged due to unlawful processing, it has the right to demand the compensation of the damage.
11.1. Exercise of rights regarding personal data
Personal Data Owner requests his/her personal data
- Hobyar Mah. Aşirefendi Cad. Faal Han No:29/A 34112 Sultanhamam/İSTANBUL İstanbul in writing and with wet signature
In the application,
a) Name, surname and signature if the application is written,
b) For citizens of the Republic of Turkey, T.R. identification number, nationality for foreigners, passport number or identification number, if any,
c) Domicile or workplace address for notification,
ç) If available, the e-mail address, telephone and fax number for notification,
d) Subject of the request,
must be present.
(3) Information and documents related to the subject are attached to the application.
(4) In written applications, the date of notification is the application date.
(5) In applications made by other methods; The date on which the application reaches us is the application date.
Such requests will be made individually and requests made by unauthorized third parties regarding personal data will not be taken into consideration.
11.2. Evaluation of the application
11.2.1. Application response time
Requests for personal data are concluded as soon as possible and in any case within 30 (thirty) days at the latest, free of charge, or against the fee in the tariff if the conditions in the tariff to be published by the KVK Board are met.
Additional information and documents may be requested during the application or while the application is being evaluated.
11.2.2. Our right to refuse the application
Applications regarding personal data;
- Processing personal data for purposes such as research, marketing, planning and statistics by anonymizing with official statistics
- Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate privacy or personal rights or constitute a crime
- Processing of personal data made public by the Personal Data Owner
- The application is not based on a just cause,
- The application contains a request contrary to the relevant legislation,
- Failure to comply with the application procedure
rejected with justification.
11.3. Evaluation procedure of the application
In order for the response period specified in this Policy to begin, you must send the requests made using the methods in Article 11.1 and with information and documents proving the applicant's identity.
If the request is accepted, the relevant action is applied and a written or electronic notification is made. In case of rejection of the request, the applicant is notified in writing or electronically by explaining the reason.
11.4. Right to complain to the Personal Data Protection Board
In cases where the application is rejected, the answer we give is insufficient or the answer is not given on time; The applicant has the right to complain to the KVK Board within 30 (thirty) days from the date of learning the answer and in any case within 60 (sixty) days from the date of application.
12. PUBLICATION AND STORAGE OF THE DOCUMENT
This Policy is stored in two different media, in hard copy and electronic media.
13. UPDATE PERIOD
This Policy is reviewed at least once every two years and updated in accordance with the principles as needed.
14. EFFECTIVENESS
This Policy is deemed to have entered into force after its publication on the Company's website.
15. REVOCATION
In the event that it is decided to be revoked, the wet signed old copies of this Policy are canceled and signed by the Legal Unit with the written approval of the Department Manager (with an annulment stamp or an annulment) and kept by the Legal Unit for a period of 5 years.
16. Turning Off Browser Cookies
Turning Off Chrome Cookies
- Open Chrome.
- Click More Settings in the top right.
- Click Advanced at the bottom.
- Under "Privacy and security", click Content settings Cookies.
- Click Add next to "Block".
- Enter the web address.
- www.burdenipek.com
- Click Add.
Turning Off Explorer (Edge) Cookies
- Open the control panel.
- Enter the Internet options menu.
- In the window that opens, go to the Privacy tab.
- Click the Sites button.
- Enter the web address www.burdenipek.com
- Click Block.
Turning Off Firefox Cookies
- Click the menu button and select Options.
- Select the Privacy and Security panel and go to Cookies and Site Data.
- If you want to disable cookies, check Block cookies and site data (some sites may not work properly).