Personal Data Policy

[Eysell Jewellery] Personal Data Policy – General Information on the Personal Data Protection Law

The Law on the Protection of Personal Data No. 6698 (hereinafter referred to as the “KVKK”) was adopted on 24 March 2016 and published in the Official Gazette No. 29677 dated 7 April 2016. Some provisions of the KVKK entered into force on the date of publication, and the remaining provisions entered into force on 7 October 2016.

Information as Data Controller

Pursuant to the KVKK No. 6698, and in our capacity as Data Controller, your personal data may be recorded, stored, updated, disclosed/transferred to third parties in cases permitted by the legislation, classified and processed in the ways listed in the KVKK, all within the framework explained on this page.

How Your Data May Be Processed

In accordance with the KVKK No. 6698, the personal data you share with our Company may be processed by us, in whole or in part, by automated means or by non-automated means, provided that they form part of a data recording system, by being obtained, recorded, stored, modified, rearranged – in short, by being subjected to any operation performed on data.

Within the scope of the KVKK, any operation performed on data is deemed as “processing of personal data”.

Purposes and Legal Grounds for Processing Your Data

Your personal data may be processed in accordance with the KVKK No. 6698 and relevant secondary legislation, for the purposes of:

  • Fulfilling the requirements of the services we provide to our customers in line with the requirements of the contract and technology, and improving the products and services we offer;

  • Recording the identity, address and other necessary information of the transaction owner within the framework of the Law No. 6563 on the Regulation of Electronic Commerce, the Law No. 6502 on the Protection of Consumers, the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce published in the Official Gazette No. 29457 dated 26.08.2015, the Regulation on Distance Contracts published in the Official Gazette No. 29188 dated 27.11.2014, and other relevant legislation;

  • Preparing all records and documents that will form the basis of the transaction in paper or electronic form in the fields of banking and electronic payment, where required by law for payment systems and electronic contracts; fulfilling information retention, reporting and information obligations stipulated by legislation and other authorities;

  • Providing information to public prosecutors’ offices, courts and relevant public officials upon request and as required by the legislation in matters relating to public security and in legal disputes.

Information on Third Parties and Organizations to Which Your Data May Be Transferred

For the purposes specified above, the third parties and organizations to which your personal data that you share with our Company may be transferred include, in particular:

  • IdeaSoft Yazılım San. ve Tic. A.Ş., which provides the e-commerce infrastructure of our Company,

  • Our suppliers,

  • Cargo/shipping companies and other persons and organizations related to the services provided,

  • Program partner organizations with whom we cooperate to conduct our activities and/or from whom we receive services in the capacity of Data Processor,

  • Domestic and international organizations and other third parties,

provided that such transfer is in compliance with the KVKK.

Methods of Collecting Your Data

Your personal data may be processed and collected:

  • Via our Company’s website and mobile applications through forms where you provide information such as name, surname, national ID number, address, telephone number, business or personal e-mail address; through preference settings on pages accessed with a username and password; through IP records of transactions performed; through cookie data collected by the browser, duration and details of browsing, and location data;

  • Via our sales and marketing department staff, branches, suppliers, other sales channels, paper forms, business cards, digital marketing channels and call center, by verbal, written or electronic means;

  • From persons who establish a commercial relationship with our Company, apply for a job, or submit an offer, by sharing their personal data via business cards, résumés (CVs), offers and other means, in a physical or virtual environment, face-to-face or remotely, verbally, in writing or electronically;

  • Indirectly through different channels, from websites, blogs, micro-sites used for contests, surveys, games, campaigns and similar purposes, and from social media; from data obtained through e-newsletter reading or click behavior; from data provided by publicly available databases; and from profiles and data shared publicly on social media platforms.

All such data may be processed and collected by our Company.

Your Personal Data Obtained Before the KVKK Entered into Force

Your personal data, which were lawfully obtained prior to the effective date of the KVKK, i.e., 7 April 2016, through membership, electronic communication consent, product/service purchases and other means, are also processed and stored in accordance with the terms and conditions set out in this document.

Transfer of Your Personal Data Abroad

Your personal data, which are processed in Türkiye or processed and stored outside Türkiye, and collected by any of the methods listed above, may be transferred to service providers located abroad (to countries accredited by the Personal Data Protection Board and having adequate protection in terms of personal data protection) in compliance with the KVKK and for the purposes of the contract.

Storage and Protection of Personal Data

Your personal data in the databases and systems held by our Company shall be kept confidential pursuant to Article 12 of the KVKK and shall not be shared with third parties in any way except for legal obligations and the regulations specified in this document.

Our Company is obliged to prevent unlawful processing of personal data, prevent unauthorized access, and take software-based measures such as access management and physical security measures, in accordance with Article 12 of the KVKK.

In the event that it is learned that personal data have been obtained by others by unlawful means, the situation shall be reported without delay in writing to the Personal Data Protection Board in accordance with the legal regulation.

Keeping Personal Data Accurate and Up to Date

Pursuant to Article 4 of the KVKK, our Company has an obligation to keep your personal data accurate and up to date. In this context, in order for our Company to fulfill its obligations under the applicable legislation, our Customers are required to share accurate and up-to-date data or to update their data via the website/mobile application.

Rights of the Data Subject under the KVKK No. 6698

Article 11 of the KVKK No. 6698 entered into force on 7 October 2016. Pursuant to this article, the Data Subject has the following rights by applying to our Company (as Data Controller) regarding his/her personal data:

  • To learn whether personal data are processed,

  • If personal data have been processed, to request information regarding such processing,

  • To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

  • To know the third parties to whom personal data are transferred, whether domestically or abroad,

  • To request correction of personal data if they are incomplete or incorrectly processed,

  • To request deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,

  • To request that the transactions carried out pursuant to the above (correction, deletion, destruction) be notified to third parties to whom personal data have been transferred,

  • To object to the occurrence of a result against the person himself/herself by means of analysis of the processed data exclusively through automated systems,

  • To request compensation for damages in case of suffering damage due to unlawful processing of personal data.

[................] registered with the [..........................] Chamber of Commerce under registration number [..........................], having MERSIS number [.............................] and located at [.......................................................................], [Full Company Name] is the Data Controller within the scope of the KVKK.

The Data Controller Representative to be appointed by our Company shall be announced in the Data Controllers Registry and on the internet address where this document is published, once the legal infrastructure is in place.

Data Subjects may direct their questions, opinions or requests via any of the following communication channels:

E-mail: [.........................]

Telephone: [.........................]

Fax: [.............................]

 

cultureSettings.RegionId: 0 cultureSettings.LanguageCode: EN
google-site-verification=ByIDT3gYn3hnnSRxh2U7-bGHM4o0S_nG2jXaGranzCo