Data Privacy and Security
Dear Customers, Members, Business Partners/Suppliers, Personnel Candidates and Visitors; as Derimod Leather Conf. Sun. Singing. and Tic. A.Ş (“DERİMOD” or “Company”), we attach great importance to the protection of your personal data. In this context, we would like to inform you about your personal data and processing processes as "data controller" in accordance with the Personal Data Protection Law No. 6698 ("KVKK").
This Policy aims to ensure the sustainability of the Company's "principle of conducting company activities in transparency". In this context, the basic principles adopted in terms of compliance of the Company's data processing activities with the regulations in the Personal Data Protection Law No. 6698 ("KVK Law") are determined and the practices implemented by the Company are explained.
The Policy is directed to natural persons whose personal data are processed by the Company through automatic or non-automatic means provided that it is part of any data recording system.
The policy was published by the Company on its website and made available to the public. In case of conflict between the current legislation, especially the Law, and the regulations contained in this Policy, the provisions of the legislation shall apply.
The Company reserves the right to make changes to the Policy in parallel with legal regulations.
WHAT PERSONAL DATA DO WE PROCESS?
The following personal data may be processed depending on the exchange of goods/services between you and DERİMOD, concluding a membership agreement, visiting our workplaces, applying for a job, or otherwise entering into a legal or commercial relationship.
Identity Information: Data regarding Name-Surname, TR ID number, Gender, Date of Birth, IP address.
Contact Information: Data regarding address, telephone number and e-mail address.
Visual and Audio Information: Data regarding the images of people recorded in camera recordings made for security purposes in DERİMOD physical environments and the voices of people recorded during call center calls.
Purchased Product and Payment Information: Data regarding the products purchased within the scope of purchases made from the DERİMOD website or stores.
Shopping Habit: Data regarding the results of a person's tastes, likes and preferences obtained through cookies during navigation on DERİMOD websites.
Education Data: Data such as diplomas, transcripts and certificates that are included in the forms filled out by personnel candidates within the scope of their job applications or in the CV document they prepared, showing their educational history.
Professional Experience: Data that is included in the form filled out by personnel candidates within the scope of their job applications or in the CV document they prepared, showing their experience in working life and professional titles.
Special Personal Data: Data consisting of health declaration and criminal record shared by personnel candidates within the scope of their job applications.
| No. | CONTACT CATEGORIES | EXPLANATION |
|---|---|---|
| 1 | Customer | It refers to real or legal persons who benefit from the services offered by DERİMOD. |
| 2 | Potential Customer | It refers to natural or legal persons who show interest in using the services offered by DERİMOD, who have the potential to turn into customers, who show their will to benefit from the services through the website or other channels, and who request an offer. |
| 3 | Visitor | It refers to real people who visit all workplaces and websites of the company. |
| 4 | Third Parties | It refers to real persons, except for the relevant person categories listed above and DERİMOD employees. |
| 5 | Business Partners/Suppliers | It refers to the parties and employees of these parties with whom DERİMOD has established a business partnership for purposes such as carrying out its commercial activities or who, in this context, provide goods or services to the Company in accordance with the instructions of DERİMOD and on a contract basis. |
| 6 | Personnel Candidate | It refers to people who apply for a job at DERİMOD. |
HOW AND FOR WHAT LEGAL REASONS DO WE COLLECT YOUR PERSONAL DATA?
In the Physical Environment;
Your personal data is collected directly from you within the scope of your purchases from DERİMOD's stores, the forms you fill out in stores and events, your store visits, the contracts you sign, the CVs you share within the scope of your job application or the job application forms you fill out.
In Electronic Media;
Your personal data is collected directly from you electronically through the purchases you make on DERİMOD's website, the Derimod Club Card membership forms you fill out, the requests and complaints you share on the website, by phone or by e-mail, our call center, and your posts on our social media accounts.
Your personal data collected from both environments is recorded in the DERİMOD database and can be processed by automatic and non-automatic means.
Within the scope of the commercial and/or contractual relationship between you and DERİMOD (product or service exchange, membership agreement, workplace visits), your personal data can be processed for the purposes below and in accordance with Article 5 of Law No. 6698, on the grounds of the establishment and execution of a contract, the establishment of a right, the fulfillment of legal obligations, and our legitimate interests, provided that your rights are protected and no harm is caused. During your visits to our workplaces, for security reasons, your identity information and your image via security cameras are recorded and processed, limited to this purpose.
In cases where you do not receive goods or services from DERİMOD, or if no legal or commercial relationship is established between us, we may process your personal data mentioned above, based on YOUR EXPRESS CONSENT, in accordance with Article 5, Paragraph 1 of the Law. Your explicit consent can be obtained through your wet signature on printed forms in our stores; by giving the PASSWORD generated for you to DERİMOD staff if you find the clarification text sent to you via SMS appropriate; or by ticking the permission/approval boxes in the membership and shopping areas on the website and clicking the "send" button. You can revoke permissions at any time.
PURPOSES OF PROCESSING YOUR PERSONAL DATA
Your Personal Data is processed for the following purposes:
1) For Customers and Members;
1) Execution of Goods / Service Purchasing Processes
2) Execution of Goods / Service Sales Processes
3) Execution of Customer Relationship Management Processes
4) Carrying out Activities for Customer Satisfaction
5) Ensuring Physical Space Security
6) Carrying out transactions and activities within the scope of commercial / contractual relationships and fulfilling financial and legal obligations
7) Tracking of Requests / Complaints
8) Fulfillment of legal obligations
9) Establishment and execution of the membership agreement and enabling customers to benefit from membership benefits
10) Carrying out legal processes
11) Promotion and marketing activities
12) Providing Information to Authorized Persons, Institutions and Organizations
13) Sending commercial electronic messages
14) Information Security
15) Preservation of your information that must be kept in accordance with the relevant legislation; copying and backing up information to prevent information loss; ensuring the consistency of your information; taking the necessary technical and administrative measures for the security of our databases and your information
2) For Potential Customers;
Your identity and contact information obtained directly from you through your visits to our website and stores, the forms you fill out, your e-bulletin membership, your posts on our Social Media Accounts, and your requests and complaints submitted to our call center are processed based on your explicit consent, for marketing purposes, with the aim of informing you about our company's products and services and offering you some special products. If there is a request or complaint you have forwarded to DERİMOD, your identity and contact information are processed for a limited time in accordance with Article 5/2 of the Law in order to manage this request and complaint.
3) For Suppliers/Business Partners;
Within the scope of the commercial relationship between you and our company, the personal data of your company officials and employees may be processed, as stated in Article 5 of the Law, within the scope of the establishment and execution of our contracts, fulfillment of legal obligations and the legitimate interests of our company, in accordance with the basic principles stipulated in the Law and within the scope of personal data processing conditions, for the following purposes.
1) Fulfillment of Legal Obligations
2) Execution of contract processes
3) Carrying out Finance and Accounting Affairs
4) Execution and follow-up of legal processes
5) Conducting Company Internal Operations
6) Strategy planning & business partners/supplier management
7) Ensuring physical space security
8) Execution of Logistics Activities
9) Managing Supply Chain Management Processes
10) Preservation of your information that must be kept in accordance with the relevant legislation; copying and backing up information to prevent information loss; ensuring the consistency of your information; taking the necessary technical and administrative measures for the security of our databases and your information
4) For Visitors;
Within the scope of your visits to our company, our website and other workplaces, in order to ensure the security of our company and you, as well as to fulfill our legal obligations and depending on our legitimate interests, your identity and visual data obtained through security cameras and visitor log books in physical environments, and your identity and contact data obtained within the scope of the internet access offered to you during your visit to our workplace, are processed for the following purposes.
1) Conducting Audit and Security Activities
2) Security of movable goods and resources
3) Execution of Information Security Processes
4) Creating and Tracking Visitor Records
5) Ensuring Physical Space Security
6) Providing Information to Authorized Persons, Institutions and Organizations
7) Ensuring the Security of Data Controller Operations
8) Providing Internet Access and Ensuring Access Security
5) For Employee Candidates;
DERİMOD processes the personal data obtained from personnel candidates, through the CVs you share or the application forms you fill out within the scope of your job applications made via our website www.derimod.com.tr or at our company headquarters or stores, as specified in Article 5 of the Law, within the scope of our company's legitimate interests, for personnel recruitment and management of human resources processes, and for the establishment of employment contracts, establishment of a right, and use as evidence in legal disputes, for the following purposes. If health declaration and sanction data are obtained from the personnel candidate, explicit consent is also requested.
1) Conducting Employee Candidate / Intern / Student Selection and Placement Processes
2) Carrying out the application processes of employee candidates
3) Conducting human resources operations and especially personnel recruitment and recruitment processes,
4) Carrying out Business Continuity Activities and Ensuring Physical Space Security
PARTIES TO WHICH YOUR PERSONAL DATA IS TRANSFERRED AND PURPOSES OF TRANSFER
DERİMOD may transfer your personal data to the following domestic recipient groups within the scope of the Law and other legislation for the purposes stated in this Policy:
1) To our suppliers and business partners with whom we work to provide or deliver the services offered to you (such as companies from which web infrastructure services are received, cargo companies, auditing companies)
2) Our business partners, supplier companies, banks, financial institutions with whom we cooperate and/or receive services for the provision, promotion and similar purposes of services,
3) To the advertising agencies from which we receive services for the management of our website and social media accounts,
4) Lawyers, auditors, consultants and companies from which services are received,
5) To your attorneys, guardians and representatives authorized by you,
6) Institutions or organizations authorized to request your personal data, such as regulatory and supervisory institutions, courts and enforcement offices, and the persons determined by them,
7) Our group company, DERİMOD KONFEKSİYON AYAKKABI DERİ SANAYİ VE TİCARET A.Ş., with which we use the same database.
COMMERCIAL ELECTRONIC COMMUNICATION
DERİMOD may also process identity and contact data and communicate with data subjects in order to send electronic commercial messages (SMS, E-MAIL, etc.) for commercial purposes such as advertisements, campaign announcements and promotions by using contact data. DERİMOD obtains electronic communication permission from the relevant persons for this activity and carries out the said activity within the scope of this permission.
RIGHTS OF RELATED PERSONS MENTIONED IN ARTICLE 11 OF THE LAW
1) Learning whether your Personal Data is being processed or not,
2) Requesting information if your Personal Data has been processed,
3) Learning the purpose of processing Personal Data and whether they are used for their intended purpose,
4) Knowing the third parties to whom your Personal Data is transferred at home or abroad,
5) Requesting correction of your Personal Data if it is incomplete or incorrectly processed,
6) Requesting the deletion or destruction of your Personal Data within the framework of the conditions stipulated in the KVKK legislation,
7) Requesting that the transactions carried out within the scope of Articles 5 and 6 be notified to third parties to whom your Personal Data has been transferred,
8) Objecting to the emergence of a result against you by analyzing the processed data exclusively through automatic systems,
9) Requesting compensation for damage you suffer due to unlawful processing of Personal Data.
ENSURING THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
The Company takes all necessary precautions, within the means possible, depending on the nature of the data to be protected, in order to prevent unlawful disclosure, access, transfer of personal data or security deficiencies that may occur in other ways.
In this context, the Company takes all necessary (i) administrative and (ii) technical measures, (iii) an audit system is established within the company and (iv) in case of illegal disclosure of personal data, the measures foreseen in the Personal Data Protection Law are acted upon.
DESTRUCTION OF PERSONAL DATA
Even though personal data has been processed in accordance with the law, pursuant to Article 7 of the Law, if the reasons requiring processing cease to exist, the Company deletes, destroys or anonymizes the personal data, as appropriate, ex officio or upon the request of the Relevant Person, in accordance with the Data Protection and Destruction Policy specially prepared for this purpose, the legislation and the guide published by the Institution.
DERİMOD has prepared a DISPOSAL POLICY in which the destruction procedures of personal data are determined and published within the company. All destruction processes are carried out in accordance with this policy. At the same time, destruction periods for each process and type of personal data are clearly determined in the DERİMOD personal data inventory. Periodic data destruction, which is carried out every 6 months, is based on the retention periods determined in the inventory.
ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA
In accordance with Article 12 of the KVK Law, DERİMOD takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the preservation of the data, and carries out the necessary inspections or has them carried out in this context.
DERİMOD takes technical and administrative measures according to technological possibilities and implementation costs to ensure that personal data is processed in accordance with the law.
TECHNICAL MEASURES
The main technical measures taken by DERİMOD to ensure the lawful processing of personal data are listed below:
1) Personal data processing activities carried out within DERİMOD are audited by the established technical systems.
2) The technical measures taken are periodically reported to the relevant person in accordance with the internal audit mechanism.
3) Departments on technical matters have been established and knowledgeable personnel are employed in this field.
4) New technological developments are followed and technical measures are taken on systems, especially in the field of cyber security, and the measures taken are periodically updated and renewed.
5) Access and authorization technical solutions are put into operation within the framework of legal compliance requirements determined specifically for each department within DERİMOD.
6) Access authorizations are limited and authorizations are reviewed regularly. Access restrictions are imposed on former employees and accounts are closed.
7) Technical measures taken in accordance with DERIMOD's internal operation are reported to the relevant users, risky issues are re-evaluated and the necessary technological solution is produced.
8) Software and hardware including virus protection systems, data vulnerability security and firewalls are installed.
9) Personnel specialized in technical matters are employed.
10) All information systems, including applications where personal data is collected, are regularly subjected to external impact testing to detect security vulnerabilities, and the vulnerabilities found are closed according to the results of this test.
ADMINISTRATIVE MEASURES
Administrative measures taken by DERİMOD for the lawful processing of personal data:
1) DERİMOD employees are informed and trained about personal data protection law and the lawful processing of personal data.
2) All personal data processing activities carried out by DERİMOD are carried out in accordance with the personal data inventory and attachments created by analyzing all business units in detail.
3) For the personal data processing activities carried out by the relevant departments within DERİMOD, the obligations to be fulfilled to ensure that these activities comply with the personal data processing conditions required by KVKK are bound to written policies and procedures by DERİMOD; each business unit has been informed about this issue and the issues that need to be taken into consideration specific to the activity it carries out have been determined.
4) The supervision and management of the departments within DERİMOD regarding personal data security are organized by Information Security Committees. Awareness is created to ensure that the legal requirements determined on a business unit basis are met, and the necessary administrative measures are implemented through in-company policies, procedures and training to ensure the control of these issues and the continuity of the implementation.
5) Records containing information about personal data and data security are included in the service contracts and related documents between DERİMOD and employees, and additional protocols are made. Studies have been carried out to raise the necessary awareness for employees on this issue.
6) Legal compliance, access to personal data within the company and authorization processes are implemented for each department within DERİMOD, taking into account personal data processing processes.
7) You can submit your request for exercising your rights within the scope of KVKK mentioned above by filling out the application form on DERİMOD's website and sending it, together with the documents that will identify you, (i) by hand or by registered mail to DERİMOD's mailing address, with a wet signature, or (ii) by sending a copy thereof to DERİMOD with a secure electronic signature via the address kvkk@derimod.com.tr.
In case the data owners (relevant persons) submit their requests regarding their personal data to our Company in writing, the Company, as the data controller, carries out the necessary processes to ensure that the request is concluded as soon as possible and within thirty (30) days at the latest, in accordance with Article 13 of the KVK Law.
Within the scope of ensuring data security, the Company may request information to determine whether the applicant is the owner of the personal data subject to the application. Our company may also ask questions about the Relevant Person's application in order to ensure that his/her application is finalized in accordance with the request.
Where the relevant person's application may hinder the rights and freedoms of other persons, requires disproportionate effort, or concerns public information, DERİMOD may reject the request by explaining the reason.
DEFINITIONS
Company: Derimod Leather Conf. Sun. Singing. And Trade. Inc.
Personal Data/Data: It is any information regarding an identified or identifiable natural person.
Processing of Personal Data: It is any operation performed on data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or blocking the use of Personal Data, by fully or partially automatic means, or by non-automatic means provided that it is part of any data recording system.
Personal Data Owner/Relevant Person: It refers to Company Stakeholders, Company Business Partners, Company Officials, Employee Candidates, Visitors, Company and Group Company Customers, Potential Customers, Third Parties and persons whose personal data is processed by the company.
Data Recording System: It refers to the recording system in which personal data is structured and processed according to certain criteria.
Data Controller: It is the natural or legal person who determines the purposes and methods of processing personal data and is responsible for establishing and managing the data recording system.
Data Processor: It is a real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Explicit Consent: It is consent regarding a specific subject, based on informed consent and expressed with free will.
Anonymization: It is the process of making data that was previously associated with a person impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.
Destruction: It is the process of eliminating personal data by deleting, destroying or making it anonymous.
Law: It refers to the Personal Data Protection Law No. 6698.
KVK Board: It is the Personal Data Protection Board.
SECURITY OF INFORMATION
DERIMOD attaches great importance to the security of its customers' information and works with the most advanced technological tools to ensure this. In order to ensure the security of our site, all physical, electronic and administrative measures have been taken in secure environments. All information is stored and backed up on secure servers.
Information received through our site is transmitted using a technology called SSL (Secure Sockets Layer) that provides secure information transfer. On the pages on our site where you transfer your financial information, you will see a lock or key image on the far right side of your browser's address line (depending on the browser you are using) and the first letters of the address in this address line change from 'http' to 'https'. If you see these, you can be sure that you are on the secure servers of our site.
SITE-VISITOR COMMUNICATION SECURITY
Communication between the site and the visitor on the order pages of DERİMOD's website takes place with the 128-bit SSL standard. The communication standard in question is of a quality that can be used safely even on sites with a large number of transactions. Whether this form of communication is in use on the page where credit card information will be given is indicated, when the page is accessed, by the expression in the address bar being in the form of https://... rather than http://... When you access pages of this nature, there is a lock sign in the lower right corner of the browser.
SITE-BANK COMMUNICATION SECURITY
Security regarding the transfer of credit card information from the site to the bank is achieved with the maximum security offered by the Bank. In addition to many components of the security in question, the CVV2/CVC2 code is also used on our site as a precaution against shopping with stolen cards or card information.
IN-SITE DATA SECURITY
During your transactions in a secure environment, no person, institution or organization can access your information except you and the bank that allocated the credit card to you. The credit card transaction page transmits the card information directly to the bank POS system and notifies the customer of the transaction result. Credit card information is not transferred via e-mail or similar methods. It is not possible even for us to access the credit card information transferred as a result of the online transaction.
ENFORCEMENT OF THE POLICY
This Policy, issued by DERİMOD, came into force on December 17, 2019. This Policy is published on DERİMOD's website (www.derimod.com.tr) and made available to relevant persons upon the request of personal data owners.
DERİMOD LEATHER KONFEKSİYON MARKETING INDUSTRY AND TRADE INC. (DATA CONTROLLER)
ADDRESS: Gürsel Mahallesi İmrahor Caddesi Premier Campus Ofis Blok No:29/A Independent section no. 219 Kağıthane/İSTANBUL
PHONE: 0850 288 4 288
MERSIS: 293000831300010
WEB: www.derimod.com.tr