Your Cart

Personal Data Processing and Protection Policy

Our company, AZKarbon Elektronik Ticaret Ve Hizmetler A.Åž. acts in the capacity of data controller with the awareness of the importance of the confidentiality and security of personal data obtained within the scope of the Personal Data Protection Law No. 6698 ("PDPL") and other relevant legislation. Law No. 6698 on the Protection of Personal Data and the relevant legislation aims to fulfil the requirements for compliance with the relevant legislation and to establish a data protection and processing policy in international standards. 

 

Our Company's Personal Data Protection Policy (Policy) is set forth in line with the principles of lawfulness, honesty and openness adopted by the Company in the protection and processing of personal data. 

 

In this Policy, due to our Company's capacity as a data controller, the basic principles we take as a basis in the processing of personal data are included. Our Company acts with the determination of maximum compliance by not compromising the basic principles during personal data processing activities and acts with the determination of maximum compliance. It determines its personal data processing processes with the Personal Data Inventory in accordance with the Constitution, PDPL and relevant legislation. These data are processed in accordance with the provisions of other relevant legislation, especially PDPL, and as specified in this Policy. 

 

2. SCOPE 

This Policy covers all personal data processed by automatic means or non-automatic means, provided that it is part of any data recording system, to the natural person who owns personal data defined as "data subject" in PDPL and related legislation. The method of collection of personal data obtained on the basis of the channels through which the personal data of the relevant persons reach our Company and the relevant persons accessing these channels, the legal reason for the collection, the purposes of processing and the shared parties are included in the Clarification Texts provided to the relevant persons in detail and, if necessary, in the Explicit Consent Texts.   

 

3. DEFINITIONS 

  

 

Anonymisation 

 

  

 

: 

 

Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data 

 

Explicit Consent 

 

: 

 

 The person whose personal data shall be processed declares their consent to the transaction after being informed before the relevant transaction is carried out. 

 

Clarification Text 

 

: 

 

Explanation to the data subject about the purpose for which the personal data shall be stored, for how long, by which method it is collected, how it is stored and whether it shall be shared with third parties 

 

Presidency 

 

: 

 

Presidency of the Personal Data Protection Authority 

 

Inventory  

 

: 

 

Inventory in which data controllers detail the personal data processing activities they carry out depending on their business processes by associating them with the purposes of personal data processing, data category, transferred recipient group and data subject group and by explaining the maximum period required for the purposes for which personal data are processed, the personal data foreseen to be transferred to foreign countries and the measures taken regarding data security. 

 

Relevant Person 

 

: 

 

The natural person whose personal data is processed 

 

Destruction 

 

: 

 

Deletion, destruction or anonymisation of personal data 

 

Processing 

 

: 

 

It is defined in Article 3 of the PDPL as the processes of recording, storing, preserving, changing, reorganising, disclosing, transferring, taking over, making available, and classifying personal data.  

 

Law / PDPL 

 

: 

 

Personal Data Protection Law 

 

Personal Data 

 

: 

 

Any information relating to the natural person who is identified or can be identified. For example, name, surname, Turkish ID, e-mail, address, date of birth, bank account number, etc. Therefore, the processing of information on legal entities is not covered by the PDPL. 

 

Processing Of Personal Data 

 

  

 

: 

 

Obtaining personal data in whole or in part by automatic or non-automatic means provided that it is part of any data recording system, saving, storing, changing, rearranging, explaining, transferring, inheriting data, all kinds of operations performed on the data, such as making the data available, classifying it or preventing it from being used, 

 

Board 

 

: 

 

Personal Data Protection Board 

 

Authority 

 

: 

 

Personal Data Protection Authority 

 

Sensitive Data 

 

  

 

  

 

Data about the race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, costume and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures of individuals, biometric and genetic data of people  

 

VERBIS 

 

: 

 

The information system created and managed by the Presidency, accessible via the Internet, which data controllers shall use in the application to the Registry and other related transactions regarding the Registry 

 

Data Processor 

 

: 

 

A natural or legal person who processes personal data on behalf of the data officer based on the authorisation given by the data officer. 

 

Data Officer 

 

: 

 

A natural or legal person who determines the purposes and methods of processing personal data and is responsible for the establishment and management of the data recording system. 

 

Data Controllers Registry 

 

: 

 

Data Controllers Registry kept by the Presidency 

 

Data Controller Contact Person 

 

: 

 

The natural person notified by the data controller during the registration to the Registry for the communication to be established with the Authority regarding the obligations of the legal entities resident in Turkey and the non-resident legal entity data controller representative within the scope of the Law and the secondary regulations to be issued based on this Law. 

 

Deletion 

 

: 

 

Deletion of Personal Data means that personal data cannot be accessed or reused in any way for the relevant users. 

 

Destruction 

 

: 

 

Destruction of personal data, the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way 

 

  

 

  

 

BASIC PRINCIPLES IN THE PROCESSING OF PERSONAL DATA   

Our company meets the general principles and conditions specified in the legislation regarding the protection and processing of personal data and acts in accordance with the principles listed below in order to ensure that personal data is processed in accordance with the Constitution and PDPL and at the same time, our employees carry out our activities in accordance with these principles with high awareness in company practices. 

 

Processing of Personal Data is Prohibited as a Rule 

The Company is aware that the processing of personal data is prohibited as a rule and processes it only within the limits stipulated by the legislation based on the following reasons: 

 

a. Explicit Consent of the Personal Data Subject 

One of the conditions for processing personal data is the explicit consent of the subject of the personal data. The explicit consent of the personal data subject must be related to a specific subject, based on the information and freely given. Data is processed within the scope of the explicit consent of the owner and for the purposes specified in the explicit consent. As a rule, in the presence of the conditions set out in subparagraphs b, c, d, e, f, g and h of this Article, it is not necessary to obtain the explicit consent of the personal data subject. 

 

b. clearly stipulated in the law 

The personal data of the data subject shall be processed in accordance with the law if expressly provided for in the law. In cases where data processing is permitted by law, data processing is limited to the reasons and data categories specified in the relevant law. 

 

c. Failure to Obtain the Explicit Consent of the Relevant Person Due to Actual Impossibility 

The personal data of the data subject may be processed if it is mandatory to process the personal data of the person who is unable to disclose their consent due to actual impossibility or whose consent cannot be recognised as valid in order to protect the life or physical integrity of themselves or another person. 

 

d. Direct Relevance to the Establishment or Performance of the Contract 

Provided that it is directly related to the conclusion or performance of a contract, personal data may be processed if it is necessary to process the personal data of the parties to the contract (provided that the person whose data shall be processed based on the conclusion or performance of the contract is one of the parties to the contract). 

 

e. Fulfillment of Legal Obligation 

In cases where data processing is mandatory for the Company to fulfil its legal obligations, it may process the personal data of the data subject. 

 

f. Publicization of Personal Data by the Personal Data Subject 

In the event that the personal data of the data subject is made public by them, the relevant personal data may be processed limited to the purpose of publication. 

 

g. Data processing is mandatory for the establishment, use or protection of a right 

The personal data of the data subject may be processed if data processing is mandatory for the establishment, exercise or protection of a right. 

 

h. Data Processing is Mandatory Due to Legitimate Interests 

Provided that it does not harm the fundamental rights and freedoms of the personal data subject, the personal data of the data subject may be processed if data processing is mandatory for the legitimate interests of our Company. 

 

In the event that the processed data is sensitive personal data as defined in the PDPL, if there is no explicit consent of the personal data subject, personal data may only be processed in the following cases, provided that the Board determine adequate measures are taken: 

 

Compliance with the Law and Good Faith 

Pursuant to Article 4 of the PDPL, our Company processes personal data in accordance with the law and good faith and aims to balance conflicting interests by pursuing "fair advantage". Information is based on openness and honesty; clear information is given about the purpose of use of the personal data collected, and the data is processed within this framework.  

 

Purposefulness, Limitation and Proportionality 

Our Company determines the purposes for which it shall process the data of the data subject in line with their explicit consent. In this regard, it avoids processing personal data that is not related to the purpose of processing or is not needed, and the data required during data processing activities are collected at a minimum level. 

 

Ensuring that Personal Data is Accurate and Updated When Necessary 

Our Company ensures that the personal data it processes is accurate, relies on the declarations of the relevant person for this purpose and obtains confirmation of its up-to-dateness when necessary. 

 

Processing of Personal Data for Specific, Explicit and Legitimate Purposes 

Our Company collects and processes personal data for legitimate and lawful reasons. Our Company processes personal data in connection with the activities they carry out, within a reasonable framework and to the extent necessary, and retains them for the period stipulated in the relevant legislation or required for the purpose for which they are processed. 

 

Data Safety Principle 

Our Company is aware that ensuring the security of your personal data with the awareness of the speed of development of technology is not limited to legal methods and that it is necessary to take technology-supported security measures. In this regard, all necessary measures are taken to ensure data security.  

 

Data Minimization Principle 

  

 

The Data Minimization Principle refers to the collection and processing of data in a manner that is adequate, relevant and limited to only the data required for collection and processing.  

 

  

 

5. PERSONAL DATA COLLECTION CHANNELS  

  

 

Our Company may collect the personal data of the data subjects specified in Article 4 of this Policy verbally, in writing or electronically by automatic or non-automatic methods. Relevant persons are informed in accordance with the relevant legislation based on the channels through which personal data are obtained.  

 

  

 

6. TYPES OF PERSONAL DATA  

  

 

Personal data obtained by our Company from the data subjects specified in this Policy, data categories, collection channels, processing purposes and legal grounds for processing, third parties to whom personal data are transferred and the purposes of transfer are also regulated in detail in the relevant person clarification text. In case of changes in the personal data obtained from the data subjects, the Inventory and VERBIS records are updated.  

 

  

 

7. CLARIFICATION OBLIGATION 

  

 

Following Article 10 of the PDPL, our Company informs the relevant persons who own personal data that it obtains while carrying out its activities before or at the latest during the acquisition of personal data.  

 

The information that must be communicated to data subjects within the framework of this clarification obligation is given below with its main headings.   

 

- Identity of the data controller and its representative, if any,  

 

- The purpose for which personal data shall be processed,  

 

- To whom and for what purpose the processed personal data may be transferred,  

 

- The method and legal grounds for collecting personal data,  

 

- Other rights of the Data Subject listed in Article 11 of the PDPL 

 

  

 

In order to fulfil the clarification obligation, our Company has prepared clarification texts on the basis of the process, and the persons whose data are processed to be submitted to the data subjects within the scope of the PDPL mentioned above provision. After the clarification texts are presented to the data subjects, explicit consent declarations are obtained for data processing activities and data categories that require the explicit consent of the data subject in order for our Company to carry out its commercial activities.