DATA POLICY

  1. PURPOSE

As Sebahattin AKKAYA’s company; Personal data of real persons, including our members, customers, visitors, suppliers and employees, are processed in accordance with the relevant legislation, in particular the Constitution of the Republic of Turkey, the International Conventions to which our country is a party on human rights, and the Personal Data Protection Law No. 6698 (“KVKK”). It is our priority to ensure that the relevant persons whose data is processed can effectively exercise their rights.

Therefore, but not limited to the aforementioned, we realize the processes related to the processing, storage and transfer of data regarding all personal data belonging to our employees, our suppliers, our customers, our visitors, our members, users who visit our stores and website and mobile applications according to ‘Sebahattin AKKAYA Personal Data Protection and Processing Policy (“Policy”)’. We have acquired all those data during our activities.

Protection of personal data and observance of the fundamental rights and freedoms of real persons whose personal data are collected are the basic principles of our policy regarding the processing of personal data. For this reason, we carry out all our activities in which personal data are processed by observing the protection of privacy of private life, privacy of personal information, privacy of communication, freedom of thought and belief, and the right to use effective legal remedies.

For the purpose of protecting personal data, we take all administrative and technical protection measures required by the nature of the related data in accordance with the legislation and current technology.

This Policy explains the methods we follow relating to the processing, storage, transfer and deletion or anonymization of personal data shared during our commercial, promotional-marketing or social responsibility and similar activities within the framework of the principles mentioned in the KVKK.

  1. SCOPE

All personal data processed by the Company, including our visitors, business contacts, business partners, employees, suppliers, members, third parties, are covered by this Policy.

Our policy applied in activities related to the processing of all personal data owned or managed by the Company has been reviewed and prepared in accordance with the KVKK and other relevant legislation on personal data and international standards in this field.

  1. DEFINITIONS AND ABBREVIATIONS

In this section, special terms and phrases, concepts, abbreviations etc. in the Policy are explained briefly.

AKDİŞ PRACTİCO: Sebahattin AKKAYA
express consent: the approval given specific to only that transaction with clarity that does not cause hesitation based on information and free will regarding a specific subject.
Anonymization: It is the rendering of personal data that cannot be associated with an identified or identifiable real person in any way including matching it with other data. labor: Company Personnel.
Personal Data Owner (Relevant Person)     : The real person whose personal data is processed.

Personal data: All kinds of information regarding an identified or identifiable real person.
Special Quality Personal Data: People’s race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs, health information, fingerprints, attire and clothing, membership in associations-foundations or trade unions, health, sexual life, criminal conviction, security measures, biometric and genetic data.

Processing of Personal Data: Any operations performed on data such obtaining, saving, storing, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing use of personal data via fully or partially automatic means or non-automatic means by providing that it is part of any data recording system.

Data Processor: The real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

Data controller: real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Board of KVK    : Personal Data Protection Board.
KVK Authority    : Personal Data Protection Authority.
KVKK   : Personal Data Protection Law published in the Official Gazette dated April 7, 2016 and numbered 29677.

Policy      : Sebahattin AKKAYA Personal Data Protection and Processing Policy.
KUT GROUP Membership System: Company and Company digital platforms membership system.

 

  1. ROLES AND RESPONSIBILITIES

4.1. Managers

Managers are responsible for the supervision of the determination and operation of notification, inspection and sanction mechanisms in case of non-compliance with the Policy, rules and regulations.

The Personal Data Protection and Processing Policy has been approved by the Company Manager.

It is the authorized approval mechanism to ensure that the policy is created, implemented and updated when necessary.

4.2 Control Unit

The control Unit is responsible for taking the necessary measures for compliance to the Policy of the companies which external services were received from together with the employees who took office, and to examine the issues in order to examine the issues contrary to the policy.

4.3 Information Systems Commission

Information Systems is responsible for the preparation, development, implementation and updating of this Policy. It evaluates this Policy in terms of its up-to-dateness and development needs when necessary. The publishing of the prepared documents on the corporation portal is under the responsibility of the Manager of Information Systems .

 

  1. LEGAL OBLIGATIONS

Legal obligations within the scope of protection and processing of personal data as a data controller in accordance with the KVKK are listed below:

5.1. Our obligation to clarify

While collecting personal data as a data controller;

  • For what purpose your personal data will be processed
  • our identity; if available, Information relating to the identity of our representative
  • To whom and for what purpose your processed personal data can be transferred
  • Our method of collecting data and its legal reason
  • Rights arising from the law,

We are obliged to inform the Related Person in all these matters.

As a company, we take care that our policy, which is open to the public, is clear, understandable and easily accessible.

 

5.2. Our obligation to ensure data security

As a data controller, we take the administrative and technical measures predicted in the legislation to ensure the security of personal data under our responsibility. Obligations regarding data security and the measures taken are detailed in sections 9 and 10 of this Policy.

 

  1. CLASSIFICATION OF PERSONAL DATA

6.1. Personal data

Personal data; all kinds of information regarding an identified or identifiable real person.

Protection of personal data is only related with real persons. Information belonging to legal persons and that does not contain information about a real person inside is excluded from personal data protection. Therefore, this Policy is not applied to data belonging to legal entities.

 

6.2. Special quality personal data

Individuals’ race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, attire and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are private qualified personal data.

 

  1. PROCESSING of PERSONAL DATA

 

7.1. Our principles for processing personal data

We process personal data in accordance with the principles below.

 

7.1.1. Processing in accordance with the law and honesty rules

We process personal data in accordance with the rules of honesty, transparently and within the framework of our disclosure obligation.

 

7.1.2. Ensuring that personal data are accurate and, up-to-date when necessary,

We take the necessary measures in our data processing procedures to ensure that the processed data is accurate and up to date. We also allow the Personal Data Owner to apply to us to update his existing data and, if available, correct the errors in his  processed data.

 

7.1.3. Processing for specific, explicit and legitimate purposes

As a company, we process personal data within our determined legitimate aims in order to continue our activities within the framework of legislation of which scope and content are clearly defined and the usual flow of commercial life

 

7.1.4. personal data being limited, and to be linked to the purpose for which they are processed,

We process personal data in a limited, measured manner and in connection with the purpose we have clearly and precisely determined. We avoid the processing of personal data that are not relevant or need not be processed. For this reason, we do not process personal data of special nature unless there is a legal requirement, or we get explicit consent on the subject when we need to process it.

 

7.1.5. Storage of personal data as stipulated in legal regulations and within the scope of our commercial legitimate interests

Many regulations in the legislation oblige the storage of personal data for a certain period of time. We keep the personal data we proceed for the period stipulated in the relevant legislation or for the period required for the purposes of processing personal data. We delete, destroy or anonymize personal data in case the storage period stipulated in the legislation expires or the processing purpose disappears. Our principles and procedures regarding retention periods are detailed in Article 9.1 of this Policy.

 

7.2. Our purposes for processing personal data

We process personal data for the purposes listed below:

  • To carry out our commercial activities
  • To provide support services within the scope of the contract and within the framework of service standards
  • To determine the preferences and needs of our members / visitors, and to shape and update the services we provided within this scope
  • To ensure the fulfillment of our legal obligations as required by legal regulations
  • To evaluate job applications
  • To contact people who have business relations with the company
  • Marketing
  • To support the training, development and career processes of our employees
  • Compliance management
  • Seller / supplier management
  • Legal reporting
  • Billing
  • To carry out the Membership System
  • To ensure communication between KUT GROUP’s employee candidates and employers
  • Managing call center processes
  • To provide corporate communication
  • To individualize favorite campaigns, and to suggest campaigns and promotions according to interests
  • Providing contact between the company and the shipping or technical service after purchasing the product specific to KUT GROUP
  • To send newsletters via SMS or Electronic mail; engaging in marketing activities; making notifications.

 

7.3. Processing special quality personal data

Special quality personal data is processed by us in cases obligated by legislation or If there is explicit consent, or it is processed by taking the administrative and technical measures stipulated in the laws and stipulated by the KVK Board. Special quality personal data related to health and sexual life can be processed by persons or authorized institutions and organizations under the obligation of secrecy for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services with financing. So, it is not processed by us except for the data of our employees. Such data belonging to our employees, on the other hand, can be processed by the persons stipulated in the laws.

 

7.4. Processing personal data collected through cookies

We use cookies to improve the functioning and usage of our internet pages or mobile applications. We try to make the time you spend on our digital platforms more efficient and enjoyable. In addition, we make use of some cookies to remember your preferences made on our websites and mobile applications. In this way, we provide you an enhanced and personalized experience. We can collect your personal data through cookies on our digital platforms. We can process, transfer and store the data we collected. You can find detailed information about the cookies we use in the “KUT GROUP Privacy Policy”.

7.5. Processing of personal data for recruitment and employment purposes

we process, store and transfer your CV, diploma, photo etc. personal data in the relevant documents you shared with us for the purpose of job application evaluation during the applications you will make as an employee candidate. The processing, transfer and storage of personal data you share as an employee candidate are covered by this Policy. Personal data of the employee are collected, processed and stored within the framework of KUT GROUP Human Resources outside of this Policy.

7.6. Processing of personal data collected within the scope of other memberships provided through the membership system

In order to become a member to the digital platform through the system, visitors create membership in the system by sharing the following information with us;

  • Name – surname
  • E-mail address
  • Phone number
  • Date of Birth-TR identity no

The deletion, destruction or anonymization of personal data within the scope of this platform is within the scope of Article 9 of this Policy.

7.7. Processing personal data collected within the scope of the Job Application

Application forms, resumes and personal data obtained through applications made to intermediary institutions will be recorded to be used for the evaluation of the job application.

They are advised to review their personal data processing and privacy policies.

Those who apply with the Application Form create a CV by sharing their following information;

  • Identity information (name, surname, date of birth, TR identity number)
  • Contact information (address, e-mail address, telephone number, etc.)
  • Educational information (graduation schools, etc.)
  • Work experiences
  • Foreign language knowledge
  • Computer knowledge
  • Certificate
  • Reference
  • Photo
  • Health data
  • General information such as Driving License / Travelability etc.

The above information is requested from the candidate who creates a CV according to the attribute of the application made by him in order to evaluate whether he is qualified for the job in question. The requested health information is only processed for employment purposes within the scope of the relevant legislation. They create a resume by sharing their information. İn addtition,  photo-health data may be requested by the employer from the member who creates the CV according on the attribute of the application in order to evaluate whether he is qualified for the job in question.

The requested health information is only processed for employment purposes within the scope of the relevant legislation.

The information shared by the applicants within the scope of the CV can be viewed by the employer companies. Within the scope of the legislation, it keeps the identity, education and vocational information of the APPLICANT and can transfer this data to solution partners, public institutions and organizations upon request. Deletion, destruction or anonymization of personal data within the scope of this platform is within the scope of Article 9 of this Policy. In the event that the job application process results negatively, the processing and data security of the personal data shared with the employer are under the responsibility of the employer.

 

7.8. Processing of personal data collected within the scope of Purchasing Transactions

When a purchase is made, the financial information of the CUSTOMER is transferred to persons and institutions such as banks or credit card companies in order to carry out the transaction.

The data transferred are data related to the purposes of payment such as the following;

Credit Card Number

Expiration date

CVV2

or bank account information

in the course of purchasing, data such as invoice and payment information (name, surname, identity no, tel number, invoice address) of the customer, receipt samples of invoices which sended and payments received from members, payment number, invoice amount, invoice date and invoice number are received. These data are processed within the scope of the managing of billing process, accounting, after-sales services, communication, marketing, control and the processes carried out together with payment service providers. When the purchase is made, the financial information of the customer is transferred to institutions such as banks or credit card companies in order to carry out the transaction. Credit card information is not kept in KUT GROUP databases.

Video recording is made in the stores during shopping to view cash transactions and for security purposes. In distant sales made by phone, voice recording is taken to ensure safe sales.

The aforementioned data are transferred according to Article 8 of this Policy and shared with third parties. The deletion, destruction or anonymization of personal data within the scope of this platform is within the scope of Article 9 of this Policy.

 

7.9. Exceptional cases where explicit consent is not sought in the processing of personal data

In exceptional cases listed below and arising from the law, we may process personal data without obtaining explicit consent:

  • Clearly stipulated in the laws
  • It is necessary to process personal data belonging to the parties of the contract, provided that it is directly related to the establishment or performance of a contract.
  • Data processing is mandatory for the establishment, use or protection of a right
  • It is obligatory for us to process your data for our legitimate interests as a data controller, provided that it does not harm fundamental rights and freedoms.
  • Exceptional circumstances where special quality personal data can be processed without the explicit consent of the Relevant Person are specified in Article 7.3 of this Policy.

 

  1. TRANSFER OF PERSONAL DATA

8.1. Transfer personal data to domestic

As a company, we act in line with the decisions and regulations stipulated in the KVKK and taken by the KVK Board regarding the transfer of personal data.

Personal data and special quality data cannot be transferred by us to other real persons or legal entities without the explicit consent of the Relevant Person, provided that exceptional circumstances in the legislation are reserved.

Data can be transferred to the the authorized administrative or judicial institution or organization as stipulated in the legislation and depending on the limits even without the explicit consent of the Relevant Person in exceptional cases stipulated by KVKK and other legislation.

In addition, with the exceptional circumstances stipulated by the legislation;

In cases explained in the policy

in cases considered from the Policy regarding special personal data,

Data on the health of the Relevant Person and special quality personal data can be transferred to persons or authorized institutions and organizations under the obligation of secrecy without seeking explicit consent with the taking of the measures stipulated by the KVK Board and the relevant legislation for the purpose of protecting public health, preventive medicine, medical diagnosis, carriying out treatment and care services, planning and managing health services and financing.

8.2. Transfer of personal data to abroad

As a rule, personal data are not transferred to abroad without the exprite consent of the Related Person. However, in cases where there is one of the exceptional cases of this Policy, the following ways are followed:

Personal data may be transferred abroad without explicit consent in case of the presence of third parties in countries with adequate protection declared by the KVK Board;

if third parties are located in countries that do not have adequate protection, personal data can be transferred abroad without explicit consent in cases of the data controllers in Turkey and in the said foreign country guarantee the existence of an adequate protection in writing and the presences of KVK Board’s permission.

8.2.1. Transfer of personal data to abroad for the purposes of providing our services and marketing activities

We work with service providers abroad for the purposes of developing the website and digital platforms, conducting surveys, increasing the variety of products and services according to the preferences of visitors and members, and measuring user experience. It is recommended to examine the relevant policies of the service providers with whom they cooperate regarding the processing and protection of personal data.

8.3. Institutions and organizations to which personal data are transferred

Personal data can be transferred to the following in accordance with the principles and rules described above:

  • To our suppliers
  • To our business partners and business contacts
  • To technical services
  • To shipping companies
  • To cargo companies
  • To legally authorized public institutions and organizations
  • To legally authorized private law persons
  • To independent control firms
  • To our partners

8.4. The measures we have taken regarding transfer of personal data in accordance with law

8.4.1. Technical measures

Without being limited to those listed to protect personal data;

  • We carry out in-house technical organization for the processing and storage of personal data in accordance with the legislation.
  • We create the technical infrastructure to ensure the security of the databases where your personal data will be stored.
  • We follow the processes of the technical infrastructure created and control it.
  • We determine the procedures regarding reporting of the technical measures and audit processes we have taken
  • We update and renew technical measures periodically.
  • Risky situations are re-examined and necessary technological solutions are produced.
  • We use virus protection systems, firewalls and similar software or hardware security products and we install security systems in accordance with technological developments.
  • We employ people who are experts in technical matters.

8.4.2. Administrative measures

Without being limited to those listed to protect your personal data;

  • We establish policies and procedures for access to personal data, including employees of the company and affiliates within our company.
  • We inform and train our employees regarding protection and processing of personal data accordance with law.
  • We record the measures to be taken in cases of the personal data are unlawfully processed by our Company Employees in the contracts we made with our employees and / or the policies we created
  • We control the personal data processing activities of the data processors whom we work with or of partners of the data processors

 

  1. STORAGE OF PERSONAL DATA

9.1. Storing personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed

We store personal data for the period required by the purpose of processing personal data providing that keeping the storage periods stipulated in the legislation. If we process personal data for more than one purpose, data is deleted, destroyed or stored by anonymization in case of the disappearance of data processing purposes or in case of there is no obstacle in the legislation to delete data on the demand of the Related Person. Regarding destruction, deletion or anonymization, the provisions of the legislation and the decisions of the KVK Board are complied with.

9.2. Measures we take regarding the storage of personal data

9.2.1. Technical measures

  • We create technical infrastructures and control mechanisms related to these for the deletion, destruction and anonymization of personal data.
  • We take the necessary measures to keep personal data safe.
  • we employ employees with technical expertise
  • we create systems regarding implementation of these by creating emergency plans and business continuity against the risks that may occur.
  • We establish security systems in accordance with technological developments regarding the storage areas of personal data.

9.2.2. Administrative measures

  • We raise awareness by informing our employees about the technical and administrative risks associated with the storage of personal data.
  • İn the case of collaborating with third parties for the storage of personal data, we include provisions regarding the taken necessary security measures in contracts made with companies to which personal data are transferred for the protection and safe storage of personal data transferred by persons to whom personal data are transferred.
  1. SECURITY OF PERSONAL DATA

10.1. Our obligations regarding the security of personal data

  • We prevent unlawful processing of personal data.
  • We prevent unlawful access to personal data.
  • We ensure that personal data are stored in accordance with the Law.
  • We take administrative and technical measures according to technological possibilities and implementation costs.

10.2. Measures we take to prevent unlawful processing of personal data

  • We carry out the necessary inspections within our company and have them done.
  • We train and inform our employees about the processing of personal data in accordance with law,
  • The activities of our company are evaluated in detail in all business units particular. As a result of the aforementioned evaluation, we process personal data in particular to the commercial activities carried out by the relevant units.
  • İn case of the cooperation is made with third parties for the purpose of the processing of personal data, We include provisions regarding taken the necessary security measures by persons who process personal data in contracts made with companies that process personal data
  • In the event of unlawful disclosure of personal data or data leakage, we notify the KVK Board about the situation, and carry out the investigations and take measures stipulated by the legislation in this regard.

 

10.2.1. Technical and administrative measures taken to prevent unlawful access to personal data

To prevent unlawful access to personal data;

  • We employ technical experts
  • We update and renew technical measures periodically.
  • We create access authorization procedures within our company.
  • We determine the procedures regarding to reporting the technical measures and audit processes we have taken
  • We create the data recording systems used in our company in accordance with the legislation, and we periodically inspect them.
  • We create emergency aid plans against the risks that may occur and develop systems regarding the implementation of them.
  • We train and inform our employees about access to personal data and authorization.
  • In case of the cooperation is made with third parties for activities such as the processing and storage of personal data, we include provisions regarding to take necessary security measures by persons who have access to personal data in contracts made with companies that can access personal data.
  • We establish security systems within the technological developments in order to prevent illegal access to personal data.

 

10.2.2. The measures we take in case of illegal disclosure of personal data

We take administrative and technical measures to prevent illegal disclosure of personal data, and we update them in accordance with our relevant procedures. In the event that we determine that personal data is disclosed as unauthorized, we create systems and infrastructures to report this situation to the Relevant Person and the KVK Board. In the event of an illegal disclosure despite all administrative and technical measures taken, if KVK Board deems it necessary, this situation may be announced on the website of the KVK Board or by any other method.

  1. RIGHTS OF THE PERSONAL DATA OWNER

Within the scope of our clarification obligation, we inform the Personal Data Owner and establish systems and infrastructures related this information. We make the required technical and administrative arrangements in order to the Personal Data Owner exercise his / her rights regarding his / her personal data.

Personal Data Owner has the following rights;

  • Learning whether his/her personal data is processed or not
  • Requesting information if his/her personal data has been processed
  • Learning the purpose of processing of his/her personal data and whether they are used appropriately or not for their purpose.
  • the right to know the third parties to whom personal data have been transferred in the country or abroad
  • Requesting correction of errors if the personal data is incomplete or incorrectly processed
  • The right to request the deletion or destruction of personal data in case of the reasons which requires the processing of personal data disappear
  • The right to request that the above-mentioned correction, deletion or destruction operations are notified to third parties to whom personal data have been transferred
  • Object to the occurrence of an unfavorable result by analyzing the processed data exclusively through automated systems.
  • The right to request the compensation of the damage in case of the occurring damage due to the unlawful processing of personal data

 

11.1. Exercising the rights regarding personal data

The Personal Data Owner may send his / her request regarding his / her personal data in writing to the our adress ‘Kirazlık, Bayraktar street. No:24, 55330 Tekkeköy/Samsun’, or If his/her e-mail address is registered in our system, he/she can send it to e-mail adres ‘sales@akdispractico.com’.

Mandatory information to be written in the application:

  1. a) Name, surname, and signature if the application is in writing,

b)İdentity number for citizens of the Republic of Turkey; nationality and passport number for foreigners

  1. c) Place of residence adress or workplace address for notification,

ç) E-mail address, telephone and fax number for notification, if there is

  1. d) Subject of the request,

(3) Information and documents related to the subject are attached to the application.

(4) In written applications, the date of notification is the date of application.

(5) In applications made by other methods; the date the application is received is the application date.

These requests must be made individually. Requests made by unauthorized third parties regarding personal data will not be taken into consideration.

 

11.2. Evaluation of the application

11.2.1. Response time to application

 Requests related personal data are concluded free of charge as soon as possible according to the nature or in any case within 30 (thirty) days at the latest, or In case of formation of the conditions in the tariff to be published by the KVK Board regarding wages, requests are concluded against the fee in the tariff. It may be possible to request additional information and documents during the application or while the application is being evaluated.

 

11.2.2. Our right to reject the application

Applications related to personal data are rejected by informing justification for rejection in the following cases.

  • Processing personal data for purposes such as research, marketing, planning and statistics by anonymizing them with official statistics
  • Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate the privacy of private life or personal rights or does not constitute a crime.
  • Processing of personal data made public by the Personal Data Owner
  • The application doesnt rely on a reason
  • The application contains a request contrary to the relevant legislation,
  • Failure to comply with the application formality

 

11.3. Evaluation procedure of the application

In order to start the response period specified in this Policy, the requests made must be sent with the methods in article 11.1 and the information-documents that indicate the identity of the applicant.

If the request is accepted, the relevant process is applied, and and notifications are made in written or electronic form. If the request is rejected, the reason is explained to the applicant in writing or electronical form.

11.4. Right to complain to the Personal Data Protection Board

In such cases as like the application is rejected, the response we have given is insufficient and the response is not given in time, the applicant has the right to complain to the KVK Board within 30 (thirty) days from the date of receiving the answer and in any case within 60 (sixty) days from the date of application.

  1. PUBLISHING AND STORAGE OF THE DOCUMENT

This Policy is stored in two different media as in printed paper and electronic media.

  1. UPDATE PERIOD

This Policy is reviewed at least once every two years and updated in line with the principles when needed.

  1. EFFECTIVENESS

This Policy is deemed to have entered into force after its publication on the Company website.

  1. TERMINATION

In case of a decision to annul it, Old copies of this Policy with wet signature are canceled (by the cancellation stamp or by writing the cancellation) by the Legal Department with the written consent of the Department Manager and signed. And it is kept by the Legal Department for a period of 5 years.