KVKK Illumination Text

POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

2023

  1. AIM

as uactivewear ; The processing of personal data of real persons, including our customers, consumers, suppliers and employees, in accordance with the Constitution of the Republic of Turkey, international conventions on human rights to which our country is a party, and the relevant legislation, in particular the Law on the Protection of Personal Data No. 6698 (“KVKK”), and the rights of the data subjects whose data are processed It is our priority to ensure that it is used effectively.

Therefore, but not limited to those listed; We, as uactivewear , follow the Personal Data Protection and Processing Policy (“Policy”) regarding the processing, storage and transfer of data regarding our employees, visitors, business contacts, business partners, customers, suppliers, consumers, our users visiting our website, in short, all personal data we obtain during our activities. we do accordingly.

Protection of personal data and observance of the fundamental rights and freedoms of natural persons whose personal data are collected are the basic principles of our policy regarding the processing of personal data. For this reason, we carry out all our activities in which personal data are processed, taking into account the protection of privacy, the confidentiality of communication, freedom of thought and belief, and the right to use effective legal remedies.

In order to protect personal data, we take all administrative and technical protection measures required by the nature of the relevant data in accordance with the legislation and current technology.

This Policy explains the methods we follow for the processing, storage, transfer, deletion or anonymization of personal data shared during our commercial or social responsibility and similar activities within the framework of the principles mentioned in the KVKK.

  1. SCOPE

All personal data processed by the Company, including our customers, consumers, business contacts, business partners, employees, suppliers, potential customers, third parties, are within the scope of this Policy.

Our policy is implemented in all activities related to the processing of personal data owned or managed by the Company, and has been handled and prepared by considering the KVKK and other relevant legislation regarding personal data and international standards in this field.

  1. DEFINITION and ABBREVIATIONS

In this section, special terms and phrases, concepts, abbreviations etc. in the Policy. briefly explained.

3.1. Company: ( uactivewear )

3.2. Explicit Consent: Consent given on a specific subject, based on information and free will, without any hesitation, limited only to that transaction.

3.3. Anonymization: It is the rendering of personal data in no way associated with an identified or identifiable natural person, even by matching with other data.

3.4. Employee: Company Personnel.

3.5. Personal Data Owner (Relevant Person): The natural person whose personal data is processed.

3.6. Personal Data: Any information relating to an identified or identifiable natural person.

3.7. Sensitive Personal Data: Data about people's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions, and security measures with biometric and genetic data.

3.8. Processing of Personal Data: Obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system. or any kind of operation performed on the data, such as preventing its use.

3.9. Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

3.10. Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

3.11. KVK Board: Personal Data Protection Board.

3.12. KVK Authority: Personal Data Protection Authority.

3.13. KVKK: The Law on Protection of Personal Data published in the Official Gazette dated 7 April 2016 and numbered 29677.

3.14. Policy: uactivewear Personal Data Protection and Processing Policy

  1. ROLE AND RESPONSIBILITIES

E-Commerce Manager: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. The real or legal person who processes personal data.

E-Commerce Specialist: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

  1. LEGAL OBLIGATIONS

Legal obligations within the scope of protection and processing of personal data as a data controller pursuant to KVKK are listed below:

5.1. Our obligation to inform

While collecting personal data as a Data Controller;

➢ For what purpose your personal data will be processed,

➢ Information about our identity and the identity of our representative, if any,

➢ To whom and for what purpose your processed personal data can be transferred,

➢ Our method of collecting the data and the legal reason,

➢ Rights arising from the law,

We have an obligation to inform the Relevant Person regarding the issues.

As a company, we take care to ensure that this Policy, which is open to the public, is clear, understandable and easily accessible.

5.2. Our obligation to ensure data security

As the Data Controller, we take the administrative and technical measures stipulated in the legislation in order to ensure the security of the personal data under our responsibility. Obligations and measures regarding data security are detailed in the 9th and 10th sections of this Policy.

  1. CLASSIFICATION OF PERSONAL DATA

6.1. Personal data

Personal data; Any information relating to an identified or identifiable natural person.

The protection of personal data is only related to real persons, and information belonging to legal entities that do not contain information about the real person is excluded from personal data protection. Therefore, this Policy does not apply to data belonging to legal entities.

6.2. Special categories of personal data

Data on people's race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, their clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions, and security measures, and biometric and genetic data are privately owned. qualified personal data.

  1. PROCESSING PERSONAL DATA

7.1. Our personal data processing principles

We process personal data in accordance with the principles below.

7.1.1. Processing in accordance with the law and honesty rules

We process personal data in accordance with the rules of honesty, transparently and within the framework of our disclosure obligation.

7.1.2. Ensuring that personal data is accurate and, where necessary, up to date

We take the necessary measures in our data processing procedures to ensure that the processed data is accurate and up-to-date. We also allow the Personal Data Owner to apply to us to update their data and to correct any errors in their processed data, if any.

7.1.3. Processing for specific, explicit and legitimate purposes

As a company, we process personal data within the scope and content of which are clearly defined, within the scope of our legitimate purposes determined to continue our activities within the framework of the legislation and the ordinary course of commercial life.

7.1.4. Personal data must be connected, limited and measured for the purpose for which they are processed.

We process personal data in connection with the purpose we have clearly and precisely determined, in a limited and measured way.

We avoid the processing of personal data that is not relevant or does not need to be processed. For this reason, we do not process personal data of a private nature unless there is a legal requirement, or we obtain express consent on the subject when we need to process it.

7.1.5. Storage of personal data for the duration of our legitimate commercial interests and stipulated by legal regulations

Many regulations in the legislation require personal data to be kept for a certain period of time. For this reason, we keep the personal data we process for as long as required by the relevant legislation or for the purposes of processing personal data.

In case the storage period stipulated in the legislation expires or the purpose of processing disappears, we delete, destroy or anonymize personal data. Our principles and procedures regarding retention periods are stated in 9.1 of this Policy. detailed in the article.

7.2. Our purposes for processing personal data

As a company, we process personal data for purposes similar to those listed below, including but not limited to:

➢ Conducting our activities,

➢ To provide support services to customers within the scope of the contract and within the framework of service standards,

➢ Determining the preferences and needs of our customers and shaping, personalizing and updating the services to be provided to our customers within this scope,

➢ To ensure that our legal obligations are fulfilled as required or required by legal regulations,

➢ To be able to do market research and statistical studies,

➢ Surveys, contests, promotions and sponsorships,

➢ Organizing events,

➢ To contact people who have a business relationship with the company,

➢ Marketing,

➢ Vendor / supplier management,

➢ Advertising,

➢ Legal reporting,

➢ Billing.

7.3. Processing of special categories of personal data

Special categories of personal data are processed by us by taking the administrative and technical measures envisaged by the laws and by the KVK Board, if there is express consent, or when required by the legislation.

Since sensitive personal data related to health and sexual life can be processed by persons or authorized institutions and organizations under the obligation of keeping confidentiality for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, It is not processed by us other than the data of our employees. Such data belonging to our employees may be processed by the persons stipulated by the laws.

7.4. Processing of personal data within the scope of other subscriptions

To become a member of our programs, to benefit from our campaigns, to be aware of the advantages we offer, etc. If you become a member of our site or one of the programs we offer for these purposes, we collect your personal data with membership forms, process and transfer your personal data that you share.

7.5. Processing of personal data collected through cookies on our website

We use cookies to improve the functioning and use of our website, and we try to make the time you spend on our website more productive and enjoyable. In addition to these, we use some cookies to remember the choices you make on our website, thus providing you with an improved and personalized experience.

We can collect your personal data through cookies on our website, process, transfer and store the data we collect.

If you do not want your personal data to be collected and processed through cookies, you can refuse cookies on our website. We remind you that if you refuse cookies, our website may not work properly and there may be disruptions in the display or presentation of goods and services.

For detailed information about the cookies we use on our website, you can review our "Cookie Policy".

7.6. Exceptional cases where express consent is not sought in the processing of personal data

In exceptional cases listed below and arising from the law, we may process personal data without express consent:

➢ expressly stipulated in laws;

➢ It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract;

➢ Data processing is mandatory for the establishment, exercise or protection of a right;

➢ It is necessary for us to process your data for our legitimate interests as data controller, provided that it does not harm fundamental rights and freedoms.

Exceptional cases where sensitive personal data can be processed without the explicit consent of the Relevant Person are specified in article 7.3 of this Policy.

  1. TRANSFERRING PERSONAL DATA

8.1. Transfer of personal data to the country

As a company, we act in accordance with the decisions and regulations stipulated in the KVKK and taken by the KVK Board regarding the transfer of personal data.

Without prejudice to the exceptional circumstances in the legislation, personal data and sensitive data are not transferred to other real persons or legal entities without the explicit consent of the Relevant Person.

In exceptional cases stipulated by the KVKK and other legislation, the data may be transferred to the authorized administrative or judicial institution or organization in the manner stipulated in the legislation and within the limits, without the explicit consent of the Relevant Person.

In addition, with the exceptional cases stipulated by the legislation;

➢ 7.6 of the Policy. In the cases described in Article

➢ With regard to special categories of personal data, Article 7.3 of the Policy. in the cases listed in the article,

➢ With the measures foreseen by the KVK Board and the relevant legislation, special quality personal data related to the health and sexual life of the Relevant Person can only be provided for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and financing of health services. It can be transferred to persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of management, without seeking explicit consent.

8.2. Transfer of personal data abroad

As a rule, personal data is not transferred abroad without the explicit consent of the Relevant Person. However, Article 7.3 of this Policy. and 7.6. In cases where one of the exceptions specified in Articles of Association exists, third parties abroad can only:

➢ Located in countries where there is sufficient protection declared by the KVK Board;

➢ In case of being located in countries where there is no adequate protection, the data controllers in Turkey and in the foreign country in question must undertake in writing an adequate protection and the KVK Board has permission;

In such cases, personal data may be transferred abroad without express consent. Your personal data is used to provide better service to you, to personalize our website according to the needs and preferences of our customers, members and consumers, to promote our products and services, to remember your preferences by our search engines, etc. Your personal data may be transferred to our business partners abroad for these purposes and processed by our business partners and third parties.

8.3. Institutions and organizations to which personal data is transferred

Personal data, including but not limited to;

➢ To our suppliers,

➢ To our business partners and business contacts,

➢ Legally authorized public institutions and organizations,

➢ Legally authorized private legal persons,

may be transferred according to the principles and rules described above.

8.4. Measures we take regarding the legal transfer of personal data

8.4.1. technical measures

To protect personal data, but not limited to those listed;

➢ To make in-house technical organization for the processing and storage of personal data in accordance with the legislation,

➢ The security of the databases where your personal data will be stored is provided by our Business Partners,

➢ Follows and audits the processes of the technical infrastructure created,

➢ Determines the procedures for reporting the technical measures and audit processes we take,

➢ Periodically updates and renews the technical measures,

➢ Risky situations are re-examined and necessary technological solutions are produced,

➢ We use virus protection systems, firewalls and similar software or hardware security products and establish security systems in line with technological developments,

➢ We employ employees who are experts in technical matters or we work with business partners who are technical experts.

8.4.2. Administrative measures

To protect your personal data, but not limited to those listed;

➢ Establishing personal data access policies and procedures, including company and subsidiary employees within our company,

➢ Inform and train our employees on the legal protection and processing of personal data,

➢ In the contracts we make with our employees and/or in the Policies we create, the Company records the measures to be taken in case of unlawful processing of personal data by our employees,

➢ We monitor the processing of personal data of the data processors we work with or the partners of the data processors.

  1. STORAGE OF PERSONAL DATA

9.1. Keeping personal data for the period required by the relevant legislation or for the purpose for which they are processed.

We keep personal data for as long as required by the purpose of processing personal data, without prejudice to the storage periods stipulated in the legislation.

In cases where we process personal data for more than one purpose, the data is deleted, destroyed or anonymized and stored if the purposes of processing the data disappear or there is no legal obstacle to the deletion of the data upon the request of the Relevant Person. In matters of destruction, deletion or anonymization, the provisions of the legislation and the decisions of the KVK Board are complied with.

9.2. Measures we take regarding the storage of personal data

9.2.1. technical measures

➢ Establishes technical infrastructures and related control mechanisms for the deletion, destruction and anonymization of personal data,

➢ Takes the necessary measures for the safe storage of personal data,

➢ Employs employees with technical expertise,

➢ To create business continuity and emergency plans against possible risks and develop systems for their implementation,

➢ We establish security systems in accordance with technological developments regarding the storage areas of personal data.

9.2.2. Administrative measures

➢ To raise awareness by informing our employees about the technical and administrative risks related to the storage of personal data,

➢ In case of cooperation with third parties for the storage of personal data, contracts made with companies to which personal data are transferred; We include provisions regarding taking the necessary security measures for the protection and safe storage of the transferred personal data of the persons to whom personal data is transferred.

  1. SECURITY OF PERSONAL DATA

10.1. Our obligations regarding the security of personal data

Personal data;

➢ To prevent illegal processing,

➢ To prevent illegal access,

➢ To ensure that it is stored in accordance with the law,

We take administrative and technical measures according to technological possibilities and implementation costs.