LPPD
As AYDINLI HAZIR GIYIM SAN. TIC. A.Ş ("Company"), we attach utmost importance to the processing and protection of personal data in accordance with the Law 6698 on the Protection of Personal Data ("Law"), and we proceed accordingly in all our planning and activities. With this in mind, we present this Personal Data Processing and Protection Policy ("Policy") to inform you about the details of our personal data processing processes.
For the purposes of this Policy, the following definitions shall apply:
Company : AYDINLI HAZIR GIYIM SAN. TIC. A.Ş
Personal Data : All information relating to an identified or identifiable natural person.
Private Personal Data : hatalı
Processing of Personal Data : Any operation performed upon personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making available, classification or preventing the use thereof, fully or partially through automatic means or provided that the process is a part of any data registry system, through non-automatic means.
Data Subject/Data Owner : The natural person whose personal data is processed by the company, including an employee, customer, business partner, stakeholder, authority, candidate for recruitment, visitors, company customers, potential customers and third persons and others.
Data Registry System : The registry system which the personal data is registered into through being structured according to certain criteria.
Controller : The natura lor legal person who determines the purpose and means of processing personal data and is responsible for establishing and managing the data registry system.
Processor : The natural or legal person who processes personal data on behalf of the controller upon his authorization.
Explicit Consent : Freely given, specific, informed consent.
Anonymizing : Rendering personal data impossible to link with an identified or identifiable natural person, even though matching them with other data.
Law : The Law 6698 on the Protection of Personal Data.
KVK Council : Personal Data Protection Council.
Destruction : Deletion, elimination or anonymization of personal data and ending processing there of.
The purpose of this policy is to ensure the sustainability of the Company's "principle of conducting company activities in a transparent manner", to disclose the systems for processing and protecting personal data in accordance with the law, and to inform the data subjects, including Company Stakeholders, Company Officials, Company, Business Partners, Employees, Candidate Employees, Visitors, Company and Group Company Customers, Potential Customers and Third Parties. Whose personal data are processed by our company accordingly.
1) Company Stakeholder : The natural persons who are the stakeholder of the company.
2) Natural Person Business Partner : The natural persons with whom the Company has any business relationship.
3) Stakeholder, Official, Employee of Company's Business Partners : All natural persons, including employees, stakeholders and officials of natural and legal persons (such as business partners, suppliers) with whom the Company has any business relationship.
4) Company Official : The natural persons who are the member of the company's board of directors and other persons authorized.
5) Employee/Intern : The natural persons who perform services in the company with an employment contract.
6) Candidate Employee : The natural persons who have applied to the company for a position by any means or have submitted CV and related information to the Company's review.
7) Company Customer : The natural persons who use or have used the products and services offered by the Company, regardless of whether they have any contractual relationship with the Company.
8) Potential Customer : The natural persons who have requested or been interested in using the Company's products and services, or may interest, have been evaluated in accordance with the commercial practices and bona fides, and have the potential to turn into customers.
9) Visitor : A natural person who visits physical sites owned by the Company for various purposes or the one who visits web sites of the company for any purpose.
10) Third Parties : Natural persons excluding the Data Subject categories mentioned above and Company employees.
A "Personal Data Protection Committee- ("KVK Committee")" has been established by the Company to ensure the necessary coordination within each Company to ensure and maintain compliance with the personal data protection regulations. This Committee is responsible for the execution and improvement of the systems established to ensure uniformity among company departments and to ensure that the activities carried out comply with the personal data protection regulation. In this regard, the main duties of the KVK Committee are as follows :
Personal Data can be collected and processed by the Company directly from the data subject in electronic or physical media within the scope of the business, legal, contractual relationship or otherwise established relationship between the Company and the data subject; within the framework of the purposes stated in detail below and based on the reasons for compliance with the law as specified in pint 2 of Article 5 of the Law No. 6698 or in the absence of such a reason, based on explicit consent. The details in this regard are specified in the clarification texts prepared separately for each data subject and presented to the data subjects in physical and electronic environments (Clarification Texts in stores and website, clarification texts for the Suppliers/ Business Partners, Clarification Texts for clarification text, Clarification Text for Visitors, etc.). At least one of the following is regarded as the legal basis for data processing.
In line with the Company's legitimate and lawful personal data processing purposes, personal data in the following categories are processed based on one or more provisions of the personal data processing specified in Article 5 of the Law, the general principles specified in the Law, primarily the principles specified in Article 4 regarding the processing of personal data for periods specified in this Policy by complying with the principles set forth in Article 4 of the Law on personal data processing and general provisions of the Law and obligations stipulated under the law and the data subjects are informed accordingly pursuant to Article 10 of the Law. In addition to the general definitions of the personal data processed in these categories, a description is given about what information they cover.
PERSONAL DATA CATEGORY DEFINITION OF PERSONAL DATA CATEGORIES
Identification : Any information of the identified or identifiable natural person such as name-surname, Turkish citizenship number, place of birth, date of birth, gender, identity card and passport number, tax number, Social Security number, etc.
Contact Information : Information such as telephone number, address, e-mail address, fax number, etc., of the identified or identifiable natural person.
Personnel Information : All kinds of personal data processed for the purpose of obtaining the information that will form the basis of the personal rights of natural persons who work as the personnel in accordance with the employment contract executed with the company.
Education and Professional Information : All information related to the employees, candidates, customers, and potential customers' work history and educational background.
Location Information : Information identifying the location of the Data Subject while using the Company vehicles within the framework of the operations carried out by the Company's business departments; GPS location data.
Information about Process Security : Information of the data subject such as IP address, computer password, internet access records.
Information about the security of physical venue : Personal data regarding the video recordings and documents taken at the entrance to the physical venues of the company, during the stay in the physical venue; and recordings taken at the security point, etc.
Financial Information : Personal data related to information, documents and records of all kinds of financial operations depending on the type of legal relationship the Company has established with the Data Subject, and data such as bank account number, IBAN number, credit card information, asset data, income information.
Private Personal Data : Data specified in Article 6 of the Law and the processing and protection of which is subject to more specific provisions (i.e., health data, biometric data, etc.).
Audio/Visual Information : Information consisting of photographs and camera recordings, audio recordings obtained through the call center of an identified or identifiable natural person.
Legal Proceedings Information : Data processed within the scope of determination and follow-up of the Company's legal receivables and rights, performance of its debts and legal obligations.
Customer Information : Information such as records for the use of products and services, and the customer's instructions and requests for the use of products and services.
Marketing Information : Personal data processed for the marketing of products and services by customizing them in line with the personal habits and interests of the data Subjects, and reports and evaluations created as a result of these processing results.
Personal data is processed by the Company in compliance with the procedures and principles set forth in the Law and this Policy :
Personal data is processed by the Company for the purposes listed below in accordance with the data processing law and principles. The existence of the following purposes may vary for each Data Subject.
The personal data obtained are processed by the Company according to the nature of the work, within the scope of the personal data processing provisions specified in Article 5 and 6 of the Personal Data Protection Law and for the purposes listed below :
MAIN PURPOSES and SECONDARY PURPOSES
Performing In-house Operations and Human Resources, Management of Personnel Processes
1. Establishment and Performing Business Activities
2. Planning, Auditing and Performing Information Security Processes
3. Event Management
4. Fulfillment of Legislative Obligations for Employees
5. Follow-up of Finance and Accounting Affairs
6. Planning and Performing Occupational Health and Safety Processes
7. Planning and Performing Human Resources Processes
8. Planning and Performing Business Activities
9. Planning and Performing Business Continuity Activities
10. Planning and Performing Corporate Communication Activities
11. Planning and Performing Logistics Activities
12. Planning and Performing Production and Operation Processes
13. Performing Audit and Security Activities
14. Creating and Tracking Visitor Records
15. Providing Physical Venue Security
16. Providing Information to Authorized Persons, Institutions and Organizations
17. Ensuring the Security of Data Controller Operations
18. Providing Internet Access and Providing Access Security
19. Retaining and Saving The Information Pursuant to The Relevant Legislation
Customer Related Processes/Operations and Marketing Activities
1. Planning and Carrying out Purchasing Goods and Services, Planning and Sales Processes
2. Planning and Carrying out After Sales Support Services
3. Planning and Performing Sales and Marketing Processes of Products and Services
4. Follow-up of Contract Processes and Legal Requests
5. Carrying out Finance and Accounting Affairs
6. Planning and Carrying out Customer Relationship Management Processes
7. Carrying out Advertising, Promotion and Marketing Activities
8. Carrying out Activities for Customer Satisfaction
9. Ensuring Physical Venue Security
10. Follow-up of Requests / Complaints
11. Fulfillment of Legal Obligations
12. Carrying out Legal Processes
13. Carrying out Communication Activities and Sending Commercial Electronic Messages
14. Establishment of Membership Agreements
15. Information and Transaction Security
16. Planning and Performing the Processes of Establishing and Increasing Loyalty to the Products and Services Offered by the Company
17. Planning and Carrying out Market Research Activities for Sales and Marketing of Products and Services
18. Providing Information to Authorized Institutions and Organizations
Financial Operations
1. Banking and Insurance Transactions
2. All Payment and Collection Transactions
3. Finance and Accounting Transactions
4. Investment Processes
5. Financial Leasing Operations
6. E-invoice and E-archive Operations
7. Operations regarding Tax Legislation
8. Retention of information in accordance with the relevant legislation; copying, backing up to prevent loss of information; checking the consistency of information
Legal, Technical and Administrative Activities
1. Planning and Carrying out Emergency Management Processes
2. Planning and Carrying out Occupational Health and Safety Processes
3. Following-up Legal Affairs
4. Providing Information to Authorized Organizations
5. Creating and Tracking Visitor Records
6. Planning and carrying out the Company's Production and Operational Risk Processes
7. Ensuring the Security of Company Operations
8. Ensuring the Security of Company Campuses and Facilities
9. Ensuring the Security of Movable Property and Resources
10. Planning and Carrying out Company Audit Activities
11. Planning and Carrying out the Activities of the Company in Compliance with the Relevant Legislation and Management of Information and Transaction Security Processes
Strategic Planning & Business Partners / Supplier Management
1. Performing Activities in Compliance with the Legislation
2. Performing Contract, Order, Supply Processes
3. Performing Finance and Accounting Affairs
4. Ensuring Physical Space Security
5. Performing of Logistics Activities
6. Managing Supply Chain Management Processes
7. Retention of information in accordance with the relevant legislation; copying, backing up to prevent loss of information; checking the consistency of information; taking the necessary technical and administrative measures for the security of our databases and information.
If the company engages with any customers during their visits to Pierre Cardin, US POLO and Cacharel websites, memberships to these websites, participation in loyalty programs, shopping, purchases made from physical stores, modification slips completed during store visits, product review forms and other forms; posts in telephone or e-mail correspondence, conversations with Customer Services on the phone, filled contact forms or any commercial or legal relationship, the company, depending on the relationship, collects and processes identity particulars (Name, Surname, Turkish citizenship number, Gender, Date of Birth), contact information (E-mail Address, Address and Telephone), data about the product purchased within the scope of the Company's field of activity, audio data recorded in the conversations with customer services, visual data taken with the security cameras in the store of the data subject within the scope of the contract, its performance, the establishment of a right and legitimate interests, in accordance with Point 2 of Article 5 of the Law.
In addition to this information, personal information about profession and marital status can also be collected in order to organize special campaigns for customers and to define special discounts within the scope of loyalty cards, but explicit consent is requested from the data subject for the processing of this data.
In addition, explicit consent of the data subject is requested for the purposes of using the personal data shared by the Customers who are willing to benefit from and aware of the products and service and advantages offered by AYDINLI, and making all kinds of electronic communications and other sending messages for special promotions, sales, marketing, questionnaires and similar.
In the event that no relationship is established with the data subject regarding the product or service, the above-mentioned data can only be processed with explicit consent for the following purposes.
The Company carries out data processing activities in accordance with the business relationship established with natural or legal persons regarding the products and services it offers.
The data obtained directly from the data subject during visits to our website, Fashionalty (Loyalty Card) membership, shares in our Social Media Accounts, telephone or e-mail correspondence, calls/shares with Customer Services on the phone, requests, suggestions or complaints and business cards shared at exhibitions and events (data on the business card is regarded as made public) the identity particulars (Name, Surname, Date of Birth, Gender, Date of Birth) and contact number, E-mail address), profession and marriage date is processed based on EXPLICIT CONSENT in accordance with Article 5 of the Law. Also, the data is processed to inform the data subject about the products and services of our company, send electronic messages related to advertisements and campaigns, and offer a number of products specific to the data subject for the marketing purposes based on the consent of the data subject (for electronic commercial communication).
As specified in the Law 6698 and to the extent permitted by the law, any document and information kept in the personnel file of the employee as per Article 75 of the Labor Law No. 4857 of the employees working within the company are regarded as personal data and are collected for the purposes of, including but not limited to, establishing the employment contract and fulfilling its requirements, proving the business relationship, recording information on wages and salaries, sending legal notifications to the Ministry of Finance, Ministry of Labor, Social Security Institution and all other institutions, implementation of occupational health and safety principles, fulfillment of legal obligations, determination of working conditions, management of services provided to employees within the company (food, shuttle bus, security, etc.), private health insurance policies, travel insurance, flight and hotel reservations for employees and their family members, opening bank accounts for salary payments, compulsory Individual Pension payments, social security premium payments, provision of scholarships offered to employees and following up procedures at the governmental offices.
Data processing purposes related to employees are given below :
As the data controller by the company processes and stores the particulars of the candidates received through the CVs submitted during job applications or the forms filled for that purpose (identity, contact, education, profession, wage, military status, employment history, references and any information obtained as a result of aptitude tests conducted through various departments to reveal the candidate's ability/performance) for 2 years in the automated systems or physical environments of the relevant company and in written format in order to establish a business relationship with the candidate employees. The aim here is to re-evaluate the candidate during this period and to keep them in the system for a certain period of time for a possible business relationship to be established. If a business relationship is not established with the candidate within this period, this data is destroyed in the first periodical destruction process at the end of the 2nd year. In case the candidate is recruited, this information is kept in the relevant personnel file.
If the company requires to obtain data on candidate’s health and criminal record, which are considered the information of special nature by the employee candidate in the application form, it must seek explicit consent of the employee candidate in order to process this information. The Company does not process any other special personal data of the candidates, except for the data of special nature in this text. For this reason, candidates are requested not to include this information in their resumes and application forms.
The general data processing purposes of employee candidates are listed below :
The company processes personal data, of the natural persons during their visits to the Company's facilities to ensure the safety of the visitors and the company, through visitors logs and recordings of the security cameras. This personal data is not shared with third parties in any way other than being mandatory for the performance of the contract, legal obligations and written requests of the public authority. Necessary legal warnings and notifications in this regard are stated at the workplace entrances and in the clarification text on the website.
In this regard, for the purpose of ensuring security by the Company and for other purposes specified in this Policy; visitors may be granted internet access by the Company if they request it during their visits in the building and facilities. These log records are subject to the Law 5651 and relevant regulations and are only shared with those concerned when requested by authorized public institutions and organizations or during audits to be carried out within the Company.
The purposes of data processing in this area are stated below:
Within the scope of the business activities carried out by the Company, personal information (Identity, contact data, financial data, Signature) of natural or legal persons, merchants and tradesmen with whom the company has business relations are processed. These personal data are processed for the establishment and performance of our contracts in accordance with the principles stipulated in Article 5 of the Law in the meaning of legal obligations and interests of the company. Personal data of the Suppliers and Business Partners are directly collected by the company in electronic environment.
Data processing purposes;
The Company may transfer the personal data of the relevant persons within the scope of the Policy and in accordance with the principles set forth in the KVK Law, in particular Articles 8 and 9 of the KVK Law to the following groups of persons for the purposes specified in the table above :
Your Personal Data can be transferred to the persons in the following categories governed by the policy in accordance with the law for the following purposes:
PERSONS TO WHOM DATA CAN BE TRANSFERRED, DEFINITION ve PURPOSE OF DATA TRANSFER
Business Partner : Parties with whom the Company has established business partnerships to execute commercial activities, It can be used on a limited basis to establish the business partnership.
Supplier : Parties providing services to the Company on a contractual basis, in accordance with the Company's orders and instructions, It can be used on a limited basis to ensure that the services that the Company outsources from the supplier and that are necessary to carry out the Company's business activities such as as Banks, Insurance companies, Travel Agencies, Event Agencies, Service, Cargo, Training Companies, companies engaged for sending SMS and E-mail.
Affiliates : Companies in which the Company a shareholder,It can be used on a limited basis to ensure the execution of commercial activities that require the participation of the Company's affiliates.
Company Stakeholder :Company’s shareholders, It can be used on a limited basis to carry out the activities by the Company within the scope of companies act, event management and corporate communication processes.
Company Officials : Natural Persons authorized to sign, It can be used on a limited basis to design strategies for the company's commercial activities, ensure the highest level of management and to audit the processes.
Legally authorized public institutions and organization : Public institutions and organizations authorized to receive information and documents of the Company in accordance with the provisions of the relevant legislation, It can be used on a limited basis as may be requested by the relevant public institutions and organizations within their jurisdiction.
Legally authorized Private Persons : Private persons authorized to receive information and documents from the Company in accordance with the provisions of the relevant legislation, It can be used on a limited basis as may be requested by the legally authorized private persons.
Without prejudice to the provisions in other laws regarding erasure, destruction and anonymization personal data, the Company, shall erase, destruct or anonymize the personal data, ex officio or upon demand by the data subject, upon disappearance of reasons which required the process despite being processed under the provisions of this Law and other related laws.
The Company retains Personal Data for the period specified in this legislation, if stipulated. If a period of time is not regulated in the legislation regarding how long personal data should be stored, the Personal Data is processed for a period of time that requires it to be processed in accordance with the practices of the Company and the practices of the business life, depending on the activity carried out while processing that data. Pursuant to Article 7 of the Law, It is deleted, destroyed or anonymized ex officio or upon the demand by the data subject, in accordance with the guidelines published by the KVK (Personal Data Protection Council).
The Company has prepared and published a DESTRUCTION POLICY in which personal data destruction procedures are set forth. All destruction process is carried out in accordance with this policy.
The company, in accordance with Article 12 of the Law, takes all necessary technical and administrative measures to provide a sufficient level oof security in order to prevent unlawful processing, unlawful access to personal data and ensure the retention of personal data and conduct necessary inspections or have them conducted in the organization.
The Company takes technical and administrative measures according to technological possibilities and implementation cost in order to ensure that personal data is processed in accordance with the law.
(i) Technical measures Taken for Lawful Processing of Personal Data
(ii) Administrative Measures Taken for Lawful Processing of Personal Data
The Company informs you of your rights in accordance with Article 10 of the Law and it provides guidance on how to exercise these rights and carries out the necessary administrative and technical arrangements accordingly. Pursuant to Article 11 of the Law, the company informs the Data Subjects whose Personal Data is retained that he has right;
Data Subjects may submit their requests regarding their rights listed in article (7.1.) of this Policy to the Company free of charge with identity documents, by filling out and signing the Application Form or by another written document of similar content, using the methods specified below or other methods determined by the KVK Board.
(i) After the application form is filled, a signed copy is delivered to the address of Eski London Asfaltı NO:92/1F 34535 Mimarsinan Büyükçekmece Istanbul by hand or by registered mail,(ii) After the application form is filled, a signed copy is forwarded to musteri@aydinli.com.tr, through e-mail address previously notified to the company by the applicant and registered in the company systems ,(iii)After the application form is filled and signed with your “secure electronic signature” within the scope of Electronic Signature Law No. 5070, secure electronic signature form is forwarded to aydinlihazirgiyim@hs03.kep.tr via registered e-mail.
In order for third parties to request an application on behalf of Data Subjects, a special power of attorney issued through a notary public must be presented on behalf of the applicant.
In case the Data Subject submits their requests regarding their Personal Data to the Company in writing (in accordance with the communiqué published by the KVK Board), the Company, as the data controller, carries out the necessary processes as soon as possible to ensure that it is finalized within thirty (30) days at the latest in accordance with Article 13 of the KVK Law, depending on the nature of the request.
The company may request information to determine whether the applicant is the owner of the Personal Data subject to the application within the scope of ensuring data security. The Company may also ask questions about the application of the Data Subject to ensure that the application is concluded accordingly.
In cases where application of the Data Subject possibly hinders the rights and freedoms of other persons, requires disproportionate effort, and the information is publicly available, the request may be rejected by the Data Controller by explaining the reason.
The Company reserves the right to make changes in this Policy and other related policies when there is any amendment in the law in accordance with the decisions of the KVK Board or in line with the developments in the sector or in the field of informatics.
Any amendments to this Policy are immediately processed in the text and explanations regarding the amendment are given at the end of the Policy.
Amendments
02/04/2018 : The Policy on Processing and Protection of Personal Data has been published.
01/05/2021 : The Policy on Processing and Protection of Personal Data has been updated in the light of current developments.
Eski Londra Asfaltı NO:92/1F 34535 Mimarsinan Büyükçekmece Istanbul Türkiye
Telefon +90 (212) 863 46 80 pbx
www.aydinli.com.tr / musteri@aydinli.com.tr
Mersis No: 278895437666139