POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA BY FORIE UNDER THE LAW NO. 6698

  

LAW ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

PUBLIC DISCLOSURE FORM

 

The Law on the Protection of Personal Data published on the Official Gazette dated 7 April 2016 and no. 29677 sets out the procedures and principles regarding the processing of personal data by real or legal persons who are classified as “data controller” of personal data and determine the purposes and means of processing personal data and responsible for the establishment and management of the data recording system.

Under the Law, "Personal Data" is defined as any kind of information belonging to you, which will be obtained/to be obtained by real or legal persons who have the title of data controller, or which you shared or will share; and “Processing of Personal Data” is defined as any operation performed on personal data such as obtaining, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making available, classification or preventing the use thereof, through fully or partially automatic means or non-automatic means.

This Policy on the Processing and Protection of Personal Data (“Policy”) has been drafted to fulfil the obligation of Kobi Uluslararası Tanıtım ve Dağıtım Hizmetleri San. Tic. A.Ş. (“KOBİ A.Ş.”) as the data controller, arising from Article 10 of the Law. We bring the following comments to the attention of our users and third parties who use our website and/or mobile applications. KOBİ A.Ş. reserves the right to update this Policy in accordance with the amendments to the legislation in force.

Also, the Law on the Regulation of Electronic Commerce No. 6563 contains provisions on the protection of personal data. In some cases, criminal sanctions are foreseen to protect personal data through the provisions of the Turkish Penal Code No. 5237. On the other hand, data must be collected and used for the purpose of fulfilling our obligations arising from the Consumer Protection Law No. 6502 and the Regulation on Distance Contracts.

We hereby submit to your information that the Personal Data will be processed by our Company in the framework described below and, in the forms, stipulated by the Law.

 

 

 DEFINITIONS AND ABBREVIATIONS

 

In this section, special terms and phrases, concepts, abbreviations and etc. is briefly explained.

  • Kobi A.Ş.: KOBİ ULUSLARARASI TANITIM VE DAĞITIM HİZMETLERİ SAN.TİC. A.Ş
  • Explicit Consent: Consent to a particular subject, based on information and free will, without any hesitation, limited only to that transaction.
  • Anonymizing: Rendering personal data impossible to link with an identified or identifiable natural person even through matching them with other data.
  • Employee: Company Personnel.
  • Owner of Personal Data (Relevant Person): Real person whose personal data is processed.
  • Personal Data: All information relating to an identified or identifiable natural person.
  • Special Category Personal Data: Personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the biometric and genetic data.
  • Processing of personal data: Any operation performed on personal data such as obtaining, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making available, classification or preventing the use thereof, through fully or partially automatic means or non-automatic means.
  • Processor: the natural or legal person who processes personal data on behalf of the controller upon his/her authorization.
  • Data Controller: The natural or legal person who determines the purpose and means of processing personal data and is responsible for establishing and managing the data registry system.
  • KVK Board: Personal Data Protection Board.
  • KVKK: The Law on the Protection of Personal Data published on the Official Gazette dated 7 April 2016 and no. 29677.
  • Policy: KOBİ ULUSLARARASI TANITIM VE DAĞITIM HİZMETLERİ A.Ş. Policy on the Protection and Processing of Personal Data

PROCESSING PURPOSES OF YOUR PERSONAL DATA AND LEGAL REASONS

 

Your personal data is processed by our Company for purposes and legal reasons, such as; fulfilment of our obligations  (identification, information storage, reporting, information, etc.) and commitments under all relevant national/international legislation, including the Law No. 5549 on the Prevention of Laundering of Crime Revenues, and the Law No. 4358 on the Generalizing Use of Tax Identification Number, and secondary regulations issued by national/international competent authorities based on these or the contracts signed in relation to them or to their activities; establishing contracts for all kinds of products and services you request from our Company, and arranging all other records and documents (physically or electronically), providing such products and services and maintaining them without interruption as required.

 

  FOR WHAT PURPOSE DOES KOBİ A.Ş. USE YOUR PERSONAL DATA?

 

It is used to serve you better, to pave the way for the importer and exporter to meet in a short time, to contribute to your marketing planning, enable you to make sector research about target markets, to research your target audience, to minimize your time and costs and to maximize your benefits.

KOBİ A.Ş. will be able to record, store, update, disclose to the third parties, transfer, classify and process your personal data in cases and to the extent permitted by legislation.

YOUR PERSONAL DATA ARE USED:

 

  • To ensure that importers and exporters meet in a short time;
  • To ensure that users receive information about target markets;
  • To contribute to marketing planning;
  • To confirm the identity information of the shopper/owner through the website/mobile applications;
  • To record addresses and other necessary information for communication;
  • To organize all records and documents that will be the basis of transactions in electronic (internet / mobile etc.) and/or physical environments;
  • To fulfil the obligations undertaken in accordance with the contracts we have concluded under the relevant articles of the Distance Selling Contract and the Consumers Protection Law;
  • To be able to communicate with our customers about the conditions, current status and updates of the contracts that we have concluded under the relevant articles of the Distance Selling Contract and the Consumers Protection Law, and to give necessary information;
  • To be able to provide information to public officials on public security issues upon request and in accordance with the legislation;
  • Providing our customers with a better shopping experience; to give information to our customers about our products and services that our customers may be interested in, and campaigns by taking into account the interests of our customers;
  • To increase customer satisfaction, to recognize our customers who shop on the website/mobile applications and to use them in customer environment analysis, to use in various marketing and advertising activities and, in this context to conduct surveys in electronic and/or physical environment through contracted organizations;
  • To offer suggestions to our customers by our contracted institutions and solution partners, to inform our customers about our services;
  • To be able to evaluate customer complaints and suggestions regarding our services;
  • To fulfil our legal obligations and exercise our rights arising from the legislation in force.
  • To carry out our commercial activities,
  • To contribute to Marketing Planning,
  • To ensure participation in the International Competitive Market,
  • To provide information about the Target Market and the sector in the International Competitive Market,
  • To ensure that importers and exporters meet through our e-commerce site, our call centre,
  • To save time and costs,
  • To provide support service within the scope of the agreement and within the framework of service standards,
  • To determine the preferences and needs of our members/visitors and to shape and update our services as such,
  • To ensure that our legal obligations are fulfilled as required or obliged by legal regulations,
  • To evaluate job applications,
  • To provide liaison with the people who have a business relationship with the company
  • Marketing,
  • To support the training, development and career processes of our employees
  • Compliance management,
  • Buyer/seller management,
  • To make legal reporting,
  • Billing,
  • To execute Kobi A.Ş. Membership System,
  • To ensure communication between candidates and employers of Kobi A.Ş.,
  • To provide corporate communication,
  • To provide the contact between the company and the transportation or technical service, especially after purchasing the product,
  • To send newsletters via SMS, e-mail, to engage in marketing activities or to make notifications.

 

The data given by our customers who make transactions through the website of KOBİ A.Ş. and/or mobile applications, are processed by KOBİ A.Ş. with the consent of our customers and in accordance with the provisions of the legislation.

In order to provide a better service to its visitors and under its legal obligation, KOBİ A.Ş. will collect your navigating information to process, share it with third parties and store safely, provided that it is not used outside the purposes and scope specified in this Statement on the Protection of Personal Data.

KOBİ A.Ş. stores the information it collects through log files, empty gif files, and/or third-party resources to create a summary of your preferences. KOBİ A.Ş. can track your browsing information on site/mobile applications and/or your usage history on site/mobile applications in order to make promotion specially to you, to present promotions and marketing offers, to improve the content of the site/mobile applications according to you and/or to determine your preferences. KOBİ A.Ş. may match information collected from you on the site in different ways, such as information collected online and offline, and may use this information in conjunction with information from other sources, such as third parties.

PROCESSING SPECIAL CATEGORY PERSONAL DATA

 

Special category personal data is processed by us, by taking administrative and technical measures stipulated by the laws and foreseen by the KVK Board, and if there is an explicit consent or when required by the legislation. Since special category personal data related to health and sexual life can be processed by persons or authorized institutions and organizations that are under the obligation to keep secrets in order to protect public health, preventive medicine, conduct medical diagnosis, treatment and care services, and plan and manage health services and financing, it is not processed by us except for the data of our employees. Such data belonging to our employees can be processed by people stipulated by law.

 

PROCESSING PERSONAL DATA COLLECTED FROM COOKIES

 

We use cookies to improve the functioning and usage of our websites or mobile applications, and we try to make the time you spend on our digital platforms more efficient and enjoyable. In addition, we use some cookies to remember your preferences on our websites and mobile applications, thereby providing you with an improved and personalized experience. We can collect your personal data, process, transfer and store the data we collect through cookies on our digital platforms. You can access detailed information about the cookies we use in the “Kobi A.Ş Privacy Policy”.

 

PROCESSING PERSONAL DATA FOR RECRUITMENT AND EMPLOYMENT PURPOSES

 

For the purpose of evaluating a job application we process, store and transfer your personal data contained in your CV, diploma, photograph, and other documents that you shared with us during the applications you will make as an employee candidate. Processing, transfer and storage of personal data that you share as an employee candidate is within the scope of this Policy. Apart from this Policy, Personal data of the Employee is collected, processed and stored within the framework of Kobi A.Ş. Human Resources.

 

PROCESSING PERSONAL DATA COLLECTED for JOB APPLICATION

 

Personal data obtained through application forms, CVs and applications to intermediary institutions will be recorded for use in the evaluation of job application. They are advised to review personal data and review privacy policies. Those who apply with the Application Form create a CV by sharing general information such as;

 

  • Identity information (name, surname, date of birth, TR. identity no)
  • Communication information (address, e-mail address, phone number etc.)
  • Education information (graduated schools etc.)
  • Work experiences
  • Foreign language knowledge
  • Computer skills
  • Certificate
  • References
  • Photo
  • Health data
  • Driver's license/able to travel etc.

 According to the quality of the application, the photo-health data may also be requested by the employer from the member who creates the CV to assess whether he/she is competent in the job. The requested health information is processed only for employment within the scope of the relevant legislation. The information shared by the applicants within the scope of the CV can be viewed by employers. They store the identity, education and professional information of the APPLICANT within the scope of the legislation and can transfer this data to solution partners, public institutions and organizations upon request. Deletion, destruction or anonymization of personal data in this platform is within the scope of Article 9 of this Policy. If the job application process results in negatively, processing the personal data shared with the employer and data security is the employer's responsibility.

 

PROCESSING PERSONAL DATA COLLECTED UNDER THE PURCHASING PROCEDURES

 

When a purchase is made, the CUSTOMER's financial information is transferred to individuals and institutions, such as bank or credit card companies, to carry out the transaction. The transferred data is the data related to payment purposes such as;

  • Credit card number
  • Expiration date
  • CVV2 or bank account information.

During the purchase, data such as customer invoice and payment information (name, surname, T.R. identity no, telephone number, invoice address), invoices sent and receipts of payments received from members, payment number, invoice amount, invoice number, invoice date are collected. This data is processed for managing the billing process and processes carried out with payment service providers such as accounting, after-sales services, communication, marketing, auditing, control. When the purchase is made, the financial information of the customer is transferred to individuals such as banks or credit card companies to carry out the transaction. Credit card information is not kept in Kobi A.Ş.’s database. During the shopping, video recording in the stores is done for security purposes and to view the safe transactions. In distance sales made over the phone, sound recording is obtained for a safe sale. The above-mentioned data is transferred according to article 8 of this Policy and shared with third parties. The deletion, destruction or anonymization of personal data in this platform is within the scope of Article 9 of this Policy.

 

EXCEPTIONAL SITUATIONS where EXPLICIT CONSENT ıs not requıred whıle processıng PERSONAL DATA

 

In exceptional cases listed below, we may process personal data without explicit consent:

 

  • Clearly prescribed by law
  • When it is necessary to process personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract.

 

PERSONS OR ORGANIZATIONS TO WHICH YOUR PROCESSED PERSONAL DATA MAY BE TRANSFERRED FOR THE ABOVEMENTIONED PURPOSES

 

Your personal data can be transferred to domestic/overseas/international, public/private institutions and organizations, companies and other third parties including but not limited to persons or organizations (judicial and administrative authorities, other official institutions, law enforcement etc.) which have the permission, right and authority to request and process personal information as permitted by all national/international legislation referred to above and/or under the legislation or contracts signed, and our indirect/direct domestic/overseas subsidiaries or affiliates, from which we receive service/support/consultancy or which collaborate with our company or the project/program/ financing partners of our company.

TRANSFER OF PERSONAL DATA TO THE COUNTRY

 

As company, we act in line with the decisions and arrangements stipulated by KVK and made by the KVK Board for the transfer of personal data. Without prejudice to the exceptional circumstances in the legislation, special category personal data is not transferred by us to other real persons or legal entities without the explicit consent of the Person concerned. In exceptional cases stipulated by KVKK and other legislation, the data may also be transferred,

 without explicit consent of the relevant person, to the administrative or judicial institution or organization authorized as stipulated by the legislation and with limits. Additionally, in exceptional cases stipulated by the legislation and;

  • in cases described in the Policy,
  • in cases regarding the Policy on special category personal data,

after taking the measures stipulated by the KVK Board and the relevant legislation, the health data of the Relevant Person and special category personal data can be transferred to the persons who are under the obligation to keep secrets or to authorized institutions and organizations without explicit consent only for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing.

 

TRANSFER OF PERSONAL DATA ABROAD

 

As a rule, personal data is not transferred abroad without the explicit consent of the Relevant Person. However, in cases where one of the exceptional cases of this Policy exists, the personal data of the third parties who are abroad can be transferred abroad without explicit consent:

 

  • When they are in countries where there is with sufficient protection as announced by the KVK Board, and
  • when they are not in countries where there is not adequate protection, but if the data controllers in Turkey and in the foreign country concerned undertake sufficient protection in written and when the permission of KVK Board is available.

 

TRANSFER OF PERSONAL DATA FOR THE PURPOSEs OF PROVIDING OUR SERVICES AND MARKETING ACTIVITIES

 

We work with service providers abroad for the purposes of developing the website and digital platforms, conducting surveys, increasing the variety of products and services according to the preferences of visitors and members, and measuring the user experience. With regard to processing and protection of personal data, it is recommended to review the relevant policies of the service providers with whom we cooperate.

 

INSTITUTIONS AND ORGANIZATIONS WHERE YOUR PERSONAL DATA IS TRANSFERED

 

Personal data can be transferred to;

  • our providers
  • our business partners and business contacts
  • technical services
  • shipping companies
  • cargo companies
  • legally authorized public institutions and organizations
  • legally authorized private law persons
  • our partners according to the principles and rules explained above
  • independent audit firms.

 

MEASURES WE TAKE FOR THE TRANSFER OF PERSONAL DATA IN CONFORMITY WITH THE LAW

 

TECHNICAL MEASURES

 

To protect your personal data, among others, we take the following measures;

  • Make an internal technical organization for the processing and storage of personal data in conformity with the legislation.
  • Create technical infrastructure to ensure the security of databases where your personal data will be stored.
  • Monitor the processes of the technical infrastructure created and control it.
  • Determine the procedures for reporting the technical measures and audit processes we take.
  • Updates and renew technical measures periodically.
  • Produce necessary technological solutions by reviewing risky situations.
  • Use virus protection systems, firewalls and similar software or hardware security products and establish security systems suitable for technological developments.
  • Employ experts who are experts in technical issues.

 

ADMINISTRATIVE MEASURES

 

To protect your personal data, among others, we take the following measures:

  • Establish policies and procedures on access to personal data, including personnel of the company and its affiliates.
  • Inform and educate our employees on the lawful protection and processing of personal data.
  • In our contracts with our employees and/or the Policies we establish, we record the measures to be taken in cases of unlawful processing of personal data by our employees.
  • Control the personal data processing activities by the data processors or data processors partners whom we work with.

 

METHOD OF COLLECTION OF PERSONAL DATA AND LEGAL REASON

 

Personal data shared with KOBİ A.Ş. is under its supervision and control. In accordance with the relevant legislation provisions in force, KOBİ A.Ş. assumed the responsibility of establishing the necessary organization in order to protect the privacy and integrity of the information and to take and adapt the technical measures. Being aware of our obligation with this regard, we inform you that we conduct leak tests at regular intervals in accordance with international and national technical standards on data privacy, and that we always update our data processing policies. For the legal reasons explained above, your personal data may be collected orally, in writing or electronically, either automatically or non-automatically, through the Head Office units, branches, stores, internet branch, call centre and all other channels of our Company.

RIGHTS UNDER THE ARTICLE 11 OF THE RELEVANT LAW SAVE FOR THE RIGHTS STIPULATED IN ARTICLE 28 TITLED "EXCEPTIONS"

 

We like to remind you that you have the following rights under the law;

 

(a) to learn whether your personal data is processed or not,

(b) to request information if it is processed,

(c) to learn the purpose of data processing and whether this data is used for intended purposes,

(d) to know the third parties to whom your personal data is transferred at home or abroad,

(e) to request the rectification of the incomplete or inaccurate data, if any,

(f) to request the deletion or destruction of your personal data under the conditions laid down in Article 7,

(g) to request notification of the operations carried out in compliance with subparagraphs (d) and (e) to third parties to whom your personal data has been transferred,

(h) to object to the processing, exclusively by automatic means, of your personal data, which leads to an unfavourable consequence for the data subject,

(i) to request compensation for the damage arising from the unlawful processing of your personal data.

By applying to our company, you have the right to;

  • Learn whether your personal data has been processed, if so, information about it, the purpose of processing and whether it has been used for this purpose, and third parties in the country or abroad where such data has been transferred;
  • Request deletion, destruction or anonymizing of your personal data if it is incomplete or incorrectly processed, in accordance with the conditions stipulated in Article 7 of the Law, and that the transactions made by our Company will be notified to third parties where the information is transferred;
  • Object, when your personal data is analysed by automated systems exclusively and the result is against you and demand the loss be indemnified in case you suffer damage due to illegal processing.

It is possible to use these rights as of 07.10.2016, which is the effective date of the relevant regulation, and we reserve the right to request the expenses to be made by our Company in order to fulfil your requests according to the tariff stated in the 13th article of the Law titled “Application to Data Controller”.

Kobi Uluslararası Tanıtım ve Dağıtım Hizmetleri San.Tic. A.Ş.

Mersis No: 0-5640063904-00018

Web page www.forie.com

E mail info@forie.com

Kep address: kobiuluslararasi@hs05.kep.tr