Privacy and Personal Data Protection Policy
Change Cookie Settings
Protection of personal data Merkür Spor Malz. Paz. A.Ş. (“MerkürSpor A.Ş”) is an important issue. As a data controller, MerkürSpor A.Ş. adopts the principles stipulated by the KVK Law in order to comply with the Personal Data Protection Law No. 6698 (“KVK Law”), and fulfills its obligations regarding the processing, deletion, destruction, anonymization, transfer of personal data, informing the relevant person and ensuring data security. The Privacy and Personal Data Protection Policy issued within this scope is made available to real persons whose personal data is processed (“Data Subject”).
Scope and Purpose of the Privacy and Personal Data Protection Policy
This Privacy and Personal Data Protection Policy
Methods and legal reasons for collecting personal data,Which groups of persons’ personal data are processed (Data Subject Person Group Categorization),
The categories of personal data processed in relation to these groups of persons (Data Categories) and sample data types,
In which business processes and for what purposes this personal data is used,Technical and administrative measures taken to ensure the security of personal data,To whom and for what purpose personal data may be transferred,Retention periods for personal data, What are the rights of the Data Subjects on their personal data and how they can exercise these rights,explains.
A. Methods and Legal Grounds for Collecting Personal Data
MerkürSpor A.Ş. collects personal data electronically or in writing through the website, forms, notifications from administrative and judicial authorities and other communication channels, in accordance with the personal data processing conditions specified in the KVK Law and in line with the legal reasons specified in this Privacy / Personal Data Protection Policy.
B. Data Subject Person Group Categorization
MerkürSpor A.Ş categorizes the data subject groups whose personal data are processed in personal data processing processes and activities related to these processes as follows. In addition, personal data of other groups of persons (consultants, etc.) may also be processed in accordance with the personal data processing conditions specified in Articles 5 and 6 of the KVK Law and in line with the legal reasons specified in this Privacy/Personal Data Protection Policy.
C. Data Categories and Sample Data Types
Customer Data
Identity Information: Name, surname, Turkish ID number, place/date of birth, gender
Contact Information: cell phone, e-mail address, address
Financial Information: Tax office, invoice information
Customer Transaction Information: product(s) purchased, shopping amount, shopping date, commercial communication consent, payment information
Sensitive Personal Data/Legal Transaction Data: Signature
2.Online Visitor
Transaction Security Information: Password, cell phone, passcode information
Legal Action Information/Risk Management Information: IP address, Turkish ID number, e-mail address, date of birth
Legal Action and Compliance Information: Start and end time of the service provided, type of service utilized, amount of data transferred.
3.Website Users / Potential Customer
Identity Data First name, last name
Contact Information: E-mail address, telephone number
4.Supplier or Supplier Employee or Official
Identity Information: TR Identity Number, Name and surname
Contact Information: e-mail address, address, cell phone
Financial Information: Account No, Tax office, Tax Identification Number, tax plate, IBAN
Legal Procedure and Compliance Information: Signature circular, certificate of activity,
Sensitive Personal Data/Legal Process Information: Signature
D. In Which Business Processes and for Which Purposes Personal Data are Used
Customer Data
Promotion and marketing of goods/products and services by Merkür Spor A.Ş. with the explicit consent of the customer,
Creating service appointments,
Resolving customer problems and complaints,
Execution and follow-up of accounting and invoicing transactions,
Legal processes and compliance with legislation,
Responding to information requests from administrative and judicial authorities,
Making the necessary arrangements to ensure that the processed data is up-to-date and accurate
Ensuring physical space security
2.Online Visitor Personal Data
Processing of online visitor data within the scope of Law No. 5651,
Legal processes and compliance with legislation,
Responding to information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Fulfillment of legal obligations
E. Technical and Administrative Measures Taken to Ensure the Security of Personal Data
MerkürSpor A.Ş. undertakes to take all necessary technical and administrative measures and to show the necessary care to ensure the confidentiality, integrity and security of your personal data.
MerkürSpor A.Ş. takes the necessary measures to prevent unauthorized access to personal data, misuse, unlawful processing, disclosure, alteration or destruction of personal data. MerkürSpor A.Ş. uses generally accepted security technology standards such as firewalls and Secure Socket Layer (SSL) encryption when processing personal data. In addition, when sending personal data to MerkürSpor A.Ş. through the website, this data is transferred using SSL.
In order to prevent unlawful access to personal data processed by MerkürSpor A.Ş., to prevent unlawful processing of this data and to ensure the protection of personal data:
The website where personal data is received protects all areas with SSL,
In order to prevent unlawful processing of personal data collected from the website, it creates and implements access authorization and control matrices for its employees,
It ensures that personal data in paper media are kept in locked cabinets and accessed only by authorized persons.
In addition to the technical measures to ensure the security of the personal data subject to the above-mentioned domestic transfer, they are also legally protected thanks to the provisions in compliance with the PDP Law included in our contracts, taking into account that the counterparty of the legal relationship is the data controller or data processor.
G. Personal Data Retention Periods
MerkürSpor A.Ş. keeps the personal data it processes in accordance with the KVK Law for the periods stipulated in the relevant legislation or required by the purpose of processing. These periods are
All records related to accounting and financial transactions 10 years Law No. 6102, Law No. 213
Traffic information on online visitors 2 years Law No. 5651
Personal data of customers 10 years after the end of the legal relationship; 3 years in accordance with Law No. 6563 and related secondary legislation Law No. 6563, Law No. 6102, Law No. 6098, Law No. 213, Law No. 6502
Personal data of suppliers 10 years after the legal relationship ends Law No. 6102, Law No. 6098 and Law No. 213
What are the Rights of the Data Subjects on their Personal Data and How they can Exercise these Rights
The rights of the Data Subject on personal data processed by Merkür Spor A.Ş. in accordance with Article 11 of the KVK Law are listed below:
Learn whether personal data is being processed,
Request information if their personal data has been processed,
To learn the purpose of processing personal data and whether they are used for their intended purpose,
To know the third parties to whom personal data are transferred domestically or abroad,
To request correction of personal data in case of incomplete or incorrect processing,
Conditions for Deletion, Destruction and Anonymization of Personal Data
Merkür Spor A.Ş. stores the personal data it processes through its website and mobile site for the periods stipulated by the relevant laws and/or for the periods required by the purpose of processing in accordance with Articles 7, 17 of the KVK Law and Article 138 of the Turkish Penal Code. If these periods expire, it will delete, destroy or anonymize it in accordance with the provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data.
Deletion of personal data by MerkürSpor A.Ş. refers to the process of making personal data inaccessible and non-reusable in any way for the relevant users. MerkürSpor A.Ş. creates and implements an access authorization and control matrix at the user level for this purpose. It takes the necessary measures to perform the deletion process in the database.
Destruction of personal data by MerkürSpor A.Ş. refers to the process of making personal data inaccessible, unrecoverable and non-reusable by anyone in any way.
Anonymization of personal data by MerkürSpor A.Ş. means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data.
MerkürSpor A.Ş. will perform deletion, destruction or anonymization in accordance with the Regulation on Deletion, Destruction or Anonymization of Personal Data.
Amendments to the Privacy/Personal Data Protection Policy
MerkürSpor A.Ş. may make changes to this Privacy/Personal Data Protection Policy at any time. These changes take effect immediately upon the publication of the new amended Privacy/Personal Data Protection Policy. In order for you to be informed about the changes in this Privacy/Personal Data Protection Policy, you, our members, will be informed.
