The protection of personal data is the most important. (“enamedi.com ") is an important issue for. As the data controller, ENAmedi adopts the principles stipulated by the Law on Personal Data Protection No. 6698 (“Law on Personal Data Protection”) to ensure compliance, fulfills its obligations related to the processing, deletion, destruction, anonymization, transfer of personal data, informing the person concerned and ensuring data security. The Privacy and Personal Data Protection Policy organized within this scope is presented to the access of natural persons whose personal data are processed (“Relevant Person”).
1. Scope and Purpose of the Privacy and Personal Data Protection Policy
This Privacy and Personal Data Protection Policy;
Methods of collecting personal data and their legal reasons,
Which groups of people's personal data are processed (Categorization of the Group of People Subject to Data),
Which category of personal data is processed in relation to these contact groups (Data Categories) and sample data types,
In which business processes and for what purposes this personal data is used,
Technical and administrative measures taken to ensure the security of personal data,
To whom and for what purpose personal data may be transferred,
The duration of the storage of personal data,
Profiling and Segmentation
What are the rights of the Relevant Persons over their personal data and how can they exercise these rights,
How can Interested Parties change their positive or negative preferences for receiving electronic commercial messages,
Sharing personal data with official authorities
The Cookie (Cookie) explains the Use and Management.
a. Methods of Collecting Personal Data and Their Legal Reasons
ENAmedi personal data 5 of the Law on the Protection of Personal Data No. 6698. stated in the article
clearly stipulated in the laws
it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
The fact that the relevant person has been publicly identified by himself
Mandatory data processing for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned
Data processing is mandatory for the establishment, use or protection of a right
based on its legal reasons, it collects websites in audio, electronic or written form through the websites' mobile applications, social media accounts, cookies, call center, notifications from administrative and judicial authorities and other communication channels.
b. Categorization of the Contact Group of the Data Subject
enamedi.com it categorizes the data subject groups whose personal data are processed in the personal data processing processes and the activities related to these processes as follows. However, 5 of the KVK Law. and 6. in accordance with the personal data processing conditions specified in the articles and in accordance with the legal reasons specified in this Privacy / Personal Data Protection Policy, the personal data of other groups of persons (consultant, educator, blogger) can also be processed.
c. Data Categories and Sample Data Types
1.
a) Member Customer
Identification Information: First name, surname, date of birth, gender, T.C. identification number
Location Information: The city where he lives, the district (enamedi.com the delivery address of the purchase made through)
Contact Information: mobile phone, e-mail address, address, zip code, landline phone
Financial Information: Tax office, billing information
Customer/Member Information: Membership information, membership ID number
Customer/Member Transaction Information: Purchased products/s, shopping amount, shopping date, call center call records, commercial communication permission, campaigns/contests used, coupons used, information about the order
Risk Management Information: IP address
Transaction Security Information: Password, password information
Marketing Information: Cookie records, targeting information, reviews showing habits and likes
Audio Data: Call center call recordings
Legal Action and Compliance Information: The start and end time of the provided service, the type of service used, the amount of data transferred, the commercial electronic message permission granted by the Data Subject electronically, the membership agreement approved by him, the corporate membership agreement, enamedi.com other legal texts and contracts that enable the use of the services offered by
Marketing Information: SMS, e-mail messages or calls made by the call center for marketing purposes sent in accordance with the commercial electronic message permission granted by the relevant person
Request / Complaint Management / Reputation Management Information: Records of complaints and/or requests submitted by the relevant person related to the product or service purchased via the website, mobile application, social media accounts or call center, as well as transactions made during the evaluation or management of these requests
b) Guest Customer (users who shop from the site without being a member)
Identification Information: First name, surname, date of birth, gender, T.C. identification number
Location Information: The city where he lives, the district (enamedi.com the delivery address of the purchase made through)
Contact Information: mobile phone, e-mail address, address, zip code, landline phone
Financial Information: Tax office, billing information
Guest Customer Transaction Information: Purchased product/s, shopping amount, shopping date, call center call records, commercial communication permission, campaigns used, order related information
Risk Management Information: IP address
Transaction Security Information: Password, password information
Marketing Information: Cookie records, targeting information, reviews showing habits and likes
Audio Data: Call center call recordings
Legal Action and Compliance Information: The start and end time of the provided service, the type of service used, the amount of data transferred, the commercial electronic message permission granted by the Data Subject in electronic environment, enamedi.com other legal texts and contracts that enable the use of the services offered by
Marketing Information: SMS, e-mail messages or calls made by the call center for marketing purposes sent in accordance with the commercial electronic message permission granted by the relevant person
Request / Complaint Management / Reputation Management Information: Records of complaints and/or requests submitted by the relevant person related to the product or service purchased via the website, mobile application, social media accounts or call center, as well as transactions made during the evaluation or management of these requests
2.
Online Visitor
Transaction Security Information: Password, mobile phone, password information
Legal Transaction Information/Risk Management Information: IP address
Legal Action and Compliance Information: The start and end time of the provided service, the type of service used, the amount of data transferred.
3.
The Person on Whose Behalf the Purchased Product Will Be Delivered
Identification Information: First name, surname, date of birth, gender, T.C. identification number
Location Information: The city where he lives, the district (enamedi.com the delivery address of the purchase made through)
Contact Information: mobile phone, e-mail address, address, zip code, landline phone
Financial Information: Tax office, billing information
4.
Seller/Supplier/Seller Candidate/Seller or Supplier Employee or Official
Identity Information: TC ID No, First name last name
Contact Information: e-mail address, phone, CAP address, address, mobile phone
Financial Information: Account Number, Tax office, Tax Identification Number, tax registration plate, IBAN
Legal Action and Compliance Information: Signature circular, activity document,
Special Categories of Personal Data / Legal Transaction Information: Signature
Visual Information: Photo
d. In Which Business Processes and for What Purposes Personal Data are Used
1.
a) Member Customer Personal Data
Execution of membership transactions,
enamedi.com e-commerce platforms operated by (“platform”); improvement of the services offered through them, development of new services and providing information about it,
For the purpose of fulfilling the Membership Agreement established with the Member Customer, approval of commercial electronic messages from the point of view of existing Member Customers;Analyzing the preferences, likes and needs of the Member Customer and providing special promotion, opportunities and benefits to the Member Customer,
Promotion and marketing of applications, goods / products and services in accordance with the preferences and tastes of the Member Customer by conducting remarketing, targeting, profiling and analysis in accordance with the explicit consent of the Member Customer,
Solving Member Customer problems and complaints,
Improving the Member Customer experience on both the platform and the mobile application,
Tracking of accounting and purchase transactions,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Making the necessary arrangements in order to ensure that the processed data is up-to-date and accurate
b) Personal Data of Guest Customer (users who make purchases from the site without being a member)
Ability to make purchases from platforms as a ”guest",
Improvement of the services offered via the platforms, development of new services and providing information about this,
Commercial electronic message approval from the point of view of existing Guest Customers; analyzing their preferences, likes and needs and providing special promotion, opportunities and benefits to the Guest Customer,
Promotion and marketing of applications, goods / products and services in accordance with the preferences and tastes of the Guest Customer by conducting remarketing, targeting, profiling and analysis in accordance with the explicit consent of the Guest Customer,
Solving Guest Customer problems and complaints,
Improving the Guest Customer experience on both the platform and the mobile application,
Tracking of accounting and purchase transactions,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Making the necessary arrangements in order to ensure that the processed data is up-to-date and accurate,
Fulfillment of legal obligations
2.
Online Visitor Personal Data
processing of online visitor data within the scope of Law No. 5651,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Fulfillment of legal obligations
3.
Personal Data of the Person on Whose Behalf the Purchased Product Will be Delivered
Execution of product delivery processes,
Tracking of accounting and purchase transactions,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Making the necessary arrangements in order to ensure that the processed data is up-to-date and accurate,
Fulfillment of legal obligations
4.
Personal Data of the Seller/Supplier/Seller Candidate / Seller or Supplier Employee or Official
Execution of contract processes,
Tracking of accounting and purchase transactions,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Making the necessary arrangements in order to ensure that the processed data is up-to-date and accurate,
Fulfillment of legal obligations
e. Technical and Administrative Measures Taken to Ensure the Security of Personal Data
enamedi.com , undertakes to take all necessary technical and administrative measures to ensure the confidentiality, integrity and security of your personal data and to show the necessary care.
enamedi.com , takes the necessary measures to prevent unauthorized access to personal data, improper use, unlawful processing, disclosure, modification or destruction of personal data. enamedi.com when processing personal data, it uses generally accepted security technology standards such as firewalls and Secure Socket Layer (SSL) encryption. In addition, through the website, mobile application and mobile site October enamedi.com when sending your personal data to, these data are transferred using SSL.
enamedi.com in relation to preventing unlawful access to the personal data processed, preventing the unlawful processing of such data and ensuring the preservation of personal data,:
All areas on the website or mobile application where personal data is received are protected by SSL,
In order to prevent the unlawful processing of personal data collected from the website or mobile application, it creates and implements access authorization and control matrices for its employees,
In order to ensure that personal data is not illegally accessed; periodically conducts penetration tests, tests the system's resistance to unauthorized access,
In terms of all secondary data processing other than the primary processing purpose, it uses the Pseudonymization (pseudonymized data) method. In order to ensure that the pseudonymous data makes it impossible for the relevant person to be identified, it also uses encryption methods in the systems in which this data is contained and applies a stricter access authorization and control policy to this data,
It ensures that the personal data on paper media are kept in locked cabinets and accessed only by authorized persons.
The personal data processed through the cookies belonging to the third parties from which the service is received are deleted from the systems belonging to the third parties if the membership is terminated.
enamedi.com despite the fact that the company has taken the necessary information security measures, enamedi.com to the platforms operated by or enamedi.com in the event that personal data is damaged as a result of attacks on the system or falls into the hands of unauthorized third parties, enamedi.com it immediately notifies you and the Personal Data Protection Board about this situation and takes the necessary measures.
f. To Whom and for What Purpose Personal Data May be Transferred
enamedi.com personal data only for the purposes specified in this Privacy and Personal Data Protection Policy and in accordance with Article 8 of the KVK Law. and 9. he transfers it to third parties in accordance with his articles. The Member Customer /Guest Customer data processed within this scope and the contact information to be delivered on behalf of the purchased product are shared with the seller and cargo company and these data can also be accessed by the call center when necessary. The information of the person on whose behalf the invoice will be issued is shared with the cargo company for the purpose of sending the invoice to the relevant person.
The mobile phone number and/or e-mail address belonging to the Member Customer / Guest Customer is shared with the commercial electronic messaging service provider in order to advertise, advertise, provide benefits and opportunities in accordance with shopping preferences, likes and habits based on commercial electronic messaging approval.
Website or mobile application usage preferences and browsing history are shared with our domestic/foreign business partners who have received the cookie service in order to make segmentation and communicate with the Member Customer / Guest Customer in accordance with their likes and preferences. The personal data transfers carried out within this scope are carried out through the secure environment and channels offered by the relevant third party. Depending on the content and scope of the service received from the third parties, the transfer is made using Pseudonymous data (pseudonymous data) in all cases where there is no need to transfer the personal data of the Member Customer / Guest Customer.
In order to increase the customer satisfaction and loyalty of the Member Customer / Guest, the data belonging to the Member Customer / Guest Customer are shared with the companies that will conduct Sunday research.
Data belonging to the Member Customer /Guest Customer within the scope of reporting and statistical studies enamedi.com it is shared with Enamedi, who are the partners of.
In October Jul, your personal data will be shared with our business partners abroad for the purposes of providing business development services, providing statistical and technical services and conducting customer relations.
Member Customer/Guest Customer/ Online Visitor, enamedi.com if he reaches a via the corporate Whatsapp line, he will have sent his personal data abroad due to the fact that the Whatsapp platform is a service offered from abroad. If the Member Customer/Guest Customer/Online Visitor does not want to send their personal data abroad by using Whatsapp, enamedi.com he will be able to use other communication opportunities offered by the.
In addition to the technical measures that will ensure their security, the personal data subject to domestic and international transfer mentioned above are also legally protected thanks to the provisions compatible with the KVK Law contained in our contracts, taking into account that the opposite party of the legal relationship is the data controller or data processor.
When transferring personal information to countries other than Turkey during the sharing of information as mentioned above, it is ensured that the data is transferred in accordance with this policy and in accordance with the applicable data protection law.
g. Periods of Storage of Personal Data
enamedi.com it preserves the personal data it processes in accordance with the KVK Law for the periods stipulated in the relevant legislation or required for the purpose of processing. In our Personal Data Storage and Destruction Policy, these periods are approximately as follows:
Call Center voice recordings
3 years
Law No. 6563 and related secondary legislation
Membership and order related records
10 years
Law No. 6098
All records related to accounting and financial transactions
10 years
Law No. 6102, Law No. 213
Cookies
Maximum 540 days
Commercial electronic message approval records
1 Year from the date of withdrawal of the approval
Law No. 6563 and related secondary legislation
Traffic information about online visitors
2 years
Law No. 5651
Information and/or cvs received due to the job application
1 year
Personal data related to Member Customer/Guest Customers
10 Years after the termination of the legal relationship; 3 years in accordance with Law 6563 and the relevant secondary legislation
Law No. 6563, Law No. 6102, Law No. 6098, Law No. 213, Law No. 6502
Personal data about suppliers
10 Years after the end of the legal relationship
Law No. 6102, Law No. 6098 and Law No. 213
Personal data collected for the purpose of usability test research
2 weeks
You can review our Cookie Policy regarding the storage periods of the personal data we collect through cookies.
h. Profiling and Segmentation
enamedi.com By using the personal data processed in relation to the Member Customer/Guest Customer;
a. As for the Member Customer / Guest Customer who has given consent to receive commercial electronic messages, the Member performs profiling and segmentation in order to prepare content more appropriate to the likes and preferences of the Customer / Guest Customer, advertising, promotion, discounts.
b. By profiling and segmentation in terms of Member Customer/Guest Customer who has not given commercial electronic message approval;
Making product improvements (determining the most sold or unsold product categories),
Modeling by analyzing shopping preferences, organizing campaigns for customer groups that have the potential to buy a certain product and uploading it to the system,
Activities such as taking actions to increase the sales potential are being carried out.
Within the scope of profiling and segmentation studies, the personal data of the Member Customer / Guest Customer are not used directly, especially first and last name, mobile phone, e-mail or address information, but instead transactions are made with the Member Customer / Guest Customer IDs assigned to them. The protection of the personal data of the Customer / Member is ensured by the use of the Member Customer / Guest Customer ID or pseudonymous data with another expression. Member Customer/Guest Customer IDs enamedi.com it is only accessible to the relevant persons or departments. These IDs are assigned to the Member Customer/Guest Customer enamedi.com it is stored encrypted in the system by and access to this section is again only granted to limited people.
i. What are the Rights of the Relevant Persons over Their Personal Data and How can They Exercise These Rights
enamedi.com The rights that the Relevant Person has over the personal data processed by him/her in accordance with Article 11 of the KVK Law are listed below:
To learn whether personal data is processed or not,
If your personal data has been processed, do not request information about it,
To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
To know the third parties to whom personal data are transferred at home or abroad,
To request correction of personal data in case of incomplete or incorrect processing of personal data,
KVK Law 7. requesting deletion or destruction of personal data within the framework of the conditions stipulated in the article,
(d) and (e) to request that the transactions carried out in accordance with paragraphs be notified to the third parties to whom the personal data are transferred,
Objecting to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
To request compensation of the damage in case of damage due to unlawful processing of personal data.
In order to exercise your rights over your personal data;enamedi.com you can access your account from the “My Account” section of the website, mobile application and mobile site and make necessary changes, updates and/or deletions. Besides, enamedi.com you can make your application and exercise your rights by the methods specified in the “Application Form” organized in accordance with Article 13 of the KVK Law on the website or mobile application of the electronic trading platforms operated by.
j. How Can Interested Parties Change Their Positive Or Negative Preferences For Receiving Electronic Commercial Messages
enamedi.com you can change or update your positive or negative preferences for receiving commercial electronic messages that you have given while subscribing to the website or mobile application of electronic trading platforms operated by us, or at a later time by accessing the “My Account” section at any time.
Termination of membership does not mean revocation of your consent to receive commercial electronic messages. For this reason, also make sure that you have completed all the procedures related to revoking the approval you have given.
In terms of cookie management, you can follow the steps specified in our Cookie Policy.
k. Sharing Personal Data with Official Authorities
enamedi.com , enamedi.com your personal data related to your visit or membership to electronic trading platforms and mobile applications operated by us, as well as traffic information, such as your navigation information;enamedi.com in order to protect the obligation of the law (fighting crime, threats to the state and public security, etc., but not limited to enamedi.com in cases where there is a legal or administrative obligation to provide notification or information), it will be able to share this information with public institutions and organizations legally authorized to request it.
l. Use and Management of Cookies (Cookies)
enamedi.com you can review our Cookie Policy for detailed information about the cookies used by us, the types of cookies, their purpose, storage periods and cookie management.
2. Conditions for Deletion, Destruction and Anonymization of Personal Data
enamedi.com , stores the personal data processed through the website, mobile application or mobile site for the periods stipulated by the relevant laws in accordance with articles 7, 17 of the KVK Law and article 138 of the Turkish Penal Code and / or for the periods required by the purpose of processing. If these periods expire, it will delete, destroy or anonymize Personal Data in accordance with the provisions of the Regulation on Deletion, Destruction or Anonymization.
enamedi.com the deletion of personal data by the company refers to the process of making the personal data inaccessible and unusable again for the relevant users in any way. enamedi.com for this purpose, it creates a user-level access authorization and control matrix and implements it. Takes the necessary measures to perform the deletion process in the database.
enamedi.com the destruction of personal data by him refers to the process of making personal data inaccessible, irretrievable and unusable again by anyone in any way.
enamedi.com the anonymization of personal data by the means that the personal data cannot be associated with an identified or identifiable real person under any circumstances, even if it is matched with other data.
enamedi.com , Explains in detail the methods related to erasure, destruction and anonymization within the scope of the Personal Data Storage and Destruction Policy prepared in accordance with the Regulation on Erasure, Destruction or Anonymization of Personal Data, as well as the technical and administrative measures it has taken. In addition, the time December in which the superiodic destruction as stipulated by the Regulation will be carried out is determined as 6 months in this Policy.
3. Changes to be Made to the Privacy/Personal Data Protection Policy
enamedi.com , may make changes to this Privacy /Personal Data Protection Policy at any time. These changes take effect immediately with the publication of the new amended Privacy/Personal Data Protection Policy. In order for you to be informed about the changes in this Privacy/Personal Data Protection Policy, the necessary information will be provided to you, our members.