Privacy Policy
The protection of personal data is among the most important priorities of www.b2bpuanestore.com [Seylan Ready-Made Clothing Industry and Foreign Trade Limited Company] (the Company), and utmost effort is made to comply with all legislation in force, primarily the Law No. 6698 on the Protection of Personal Data (the Law). Within the framework of this Personal Data Protection and Processing Policy (the Policy), the Company explains the fundamental principles it adopts regarding personal data processing activities and thus ensures the necessary transparency by informing personal data owners. With full awareness of our responsibility in this regard, your personal data is processed and protected within the scope of this Policy.
This Policy relates to all personal data of natural persons processed by the Company, whether wholly or partly automatically or through non-automatic means as part of any data recording system.
Processing of Personal Data
Your personal data may only be processed in accordance with the procedures and principles stipulated by law.
We act in accordance with the following principles in the processing of personal data.
a) Compliance with the law and principles of fairness.
b) Accuracy and, where necessary, up-to-date information.
c) Processing for specific, explicit, and legitimate purposes.
d) Being relevant, limited, and proportionate to the purpose for which they are processed.
e) Retention for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.
Conditions for Processing Personal Data
Your personal data is processed in accordance with your explicit consent. However, we may process your personal data without your explicit consent and only after informing you, provided the following conditions are met:
Cases where processing of personal data without your explicit consent is possible:
a) When explicitly provided for in the laws.
b) When it is necessary for the protection of the life or physical integrity of the person who is unable to express their consent due to factual impossibility or whose consent is not legally valid, or for the protection of the life or physical integrity of another person.
c) When it is necessary to process the personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract.
c) It is necessary for the data controller to fulfill its legal obligations.
d) The data has been made public by the data subject themselves.
e) Data processing is necessary for the establishment, exercise, or protection of a right.
f) Data processing is necessary for the legitimate interests of our company, provided that it does not harm your fundamental rights and freedoms.
There may be only one or more of these conditions underlying the processing of your personal data.
We do not process your special categories of personal data.
Informing the Personal Data Subject
In accordance with Article 10 of the Law and secondary legislation, the Company informs personal data subjects. In this context, the Company informs individuals about who processes personal data as the data controller, for what purposes, with whom it is shared and for what purposes, the methods by which it is collected, the legal basis, and the rights of data subjects regarding the processing of their personal data. You can access our user information text here.
Transfer of Personal Data
The company may transfer the personal data of the data subject to third parties (third-party companies, official and private authorities, third-party individuals) in accordance with the law and by taking the necessary security measures in line with the purposes of processing personal data that are lawful. The company acts in accordance with the regulations stipulated in Article 8 of the Law.
Ensuring the Security of Personal Data
In accordance with Article 12 of the Law, the company takes the necessary measures to prevent the unlawful disclosure, access, transfer, or other security deficiencies that may occur in personal data. In this context, technical and administrative measures are taken and audits are conducted or commissioned to ensure the necessary level of security in accordance with the guidelines published by the Personal Data Protection Board (the Board).
Storage and Destruction of Personal Data
The company retains personal data for the period necessary for the purpose for which it is processed and for the minimum periods stipulated in the legal regulations governing the relevant activity. In this context, the Company first determines whether a retention period for personal data is stipulated in the relevant legislation, and if a period is determined, it acts in accordance with that period. If there is no legal period, personal data is stored for as long as necessary for the purpose for which it is processed. At the end of the determined retention periods, personal data is destroyed in accordance with periodic destruction schedules or data owner requests and with the determined destruction methods (deletion and/or destruction and/or anonymization).
Ensuring the Security of Personal Data
In accordance with Article 12 of the Law, the Company takes the necessary measures to prevent the unlawful disclosure, access, transfer, or other security deficiencies that may occur with personal data. In this context, technical and administrative measures are taken and audits are conducted or commissioned to ensure the necessary level of security in accordance with the guidelines published by the Personal Data Protection Board (the Board).
Storage and Destruction of Personal Data
The Company retains personal data for the period necessary for the purpose for which it is processed and in accordance with the minimum periods stipulated in the relevant legal regulations governing the activity. In this context, the Company first determines whether a retention period for personal data is stipulated in the relevant legislation, and if a period is determined, it acts in accordance with that period. If no legal period exists, personal data is stored for the period necessary for the purpose for which it is processed. At the end of the determined retention periods, personal data is destroyed periodically in accordance with the destruction schedules or upon the data owner's request, and using the determined destruction methods (deletion and/or destruction and/or anonymization).
Protection of Personal Data Against Data Breach
According to Article 12, paragraph 5 of the Law, in the event of the unlawful acquisition of personal data by others, in other words, a personal data breach, the Company is obliged to notify the relevant party and the Board as soon as possible.
To prevent data breaches, the Company takes all necessary precautions by conducting a risk assessment before a personal data breach, considering all administrative and technical measures specified in the Law, the sub-regulations of the Personal Data Protection Law, and this policy. In the event of a personal data breach, the Company conducts a preliminary assessment of the breach and carries out prevention and recovery efforts to mitigate the effects of the breach as a result of the risk assessment. Within the framework of these efforts, it notifies the Board without delay and within a maximum of 72 hours.
Rights of the Personal Data Subject and Exercise of Rights
Personal data subjects may submit their requests regarding the rights listed below to our Company using the methods determined by the Board (specified in the disclosure text).
Data subjects have the following rights:
To learn whether your personal data is being processed.
To request information regarding the processing of your personal data if it has been processed.
To learn the purpose of the processing of your personal data and whether it is being used in accordance with its purpose.
To know the third parties to whom your personal data has been transferred, domestically or internationally.
To request the correction of your personal data if it is incomplete or inaccurate, and to request that the action taken in this regard be notified to the third parties to whom your personal data has been transferred.
To request the deletion or destruction of your personal data if the reasons requiring its processing have ceased to exist, even if it has been processed in accordance with the law and other relevant laws, and to request that the action taken in this regard be notified to the third parties to whom your personal data has been transferred.
To object to a result that is detrimental to you arising from the analysis of your processed data exclusively through automated systems.
To request compensation for damages if you suffer harm due to the unlawful processing of your personal data. For detailed information and to apply, please click here.
Responding to Data Subject Requests
Our company takes the necessary administrative and technical measures to process requests made by data subjects in accordance with the Law and secondary legislation.
If a data subject submits a request regarding their rights to our company in accordance with the procedure, the request will be processed free of charge as soon as possible and within a maximum of 30 (thirty) days, depending on the nature of the request. However, if the process requires additional costs, a fee may be charged in accordance with the tariff determined by the Board.