Privacy Policy

PERSONAL DATA PROTECTION POLICY

As a data controller, Modanisa Elektronik Mağazacılık ve Ticaret A.Ş. (hereinafter referred to as “MODANİSA” or the “Data Controller”) is committed to the principles laid down by the Personal Data Protection Law No. 6698 (Kişisel Verilerin Korunması Kanunu) (hereinafter referred to as the “Personal Data Protection Law”) and the General Data Protection Regulation (“GDPR”) No. 2016/679 of the European Union, and duly complies with its duties arising therefrom in connection with the processing, deletion, destruction, anonymization, and transfer, of personal data, the provision of necessary information to data subjects, and the data security. We hereby present this Confidentiality and Personal Data Protection Policy (hereinafter the “Policy”) to real persons whose personal data is processed (hereinafter the “data subjects”).
 
1. PURPOSE AND SCOPE OF THE POLICY
This Confidentiality and Personal Data Protection Policy pertains to, and aims at informing data subjects on, the following matters:
Principles governing the processing of personal data
Criteria for processing personal data
Cases where specific personal data may be processed
Enlightening and informing groups of persons
Categorizing personal data
Purposes of processing personal data
Transferring personal data to third parties in Turkey or abroad
Management, and legal basis, of the processing of personal data
Duration of retaining personal data
Ensuring the security of personal data
Cookies
Legal rights of groups of people, and how to exercise these rights, and relevant contact information
Entry into force, and updates
 
2. PRINCIPLES GOVERNING THE PROCESSING OF PERSONAL DATA
2.1. Complying with the applicable law, and the principles of integrity and transparency, when processing personal data
We comply with the principles laid down by the applicable laws and regulations and the generally applied principles of honesty, integrity and transparency, when processing personal data.

2.2. Ensuring the accuracy of personal data, and updating personal data when necessary
We periodically check and update the personal data processed regarding the relevant groups of data subjects, and take any and all reasonable measures to ensure that such data is accurate and up to date at all times. Accordingly we develop systems aiming at checking the accuracy of, and accordingly correcting, personal data. Our members may change and update their personal data by accessing their account at www.modanisa.com

2.3. Processing for specific, clear and lawful Purposes
We process personal data for specific, clear and lawful purposes. This Policy sets forth the details of the purposes for which the data is to be processed.

2.4. Processing Personal Data only for, limited to, and in proportion with the intended purpose
We process personal data only for, limited to, and in proportion with the intended purpose, and refrain from processing any personal data irrelevant to or unnecessary for such purpose.

2.5. Retaining Personal Data as long as required under the applicable legislation or for the purpose of processing
MODANİSA retains Personal Data only as long as required under the applicable legislation or for the purpose of processing. Accordingly we check whether the applicable legislation prescribes a certain period for retaining personal data, and retain personal data for such period, if any. In the event that there is no such prescribed period, then we retain personal data only as long as required for the purpose of processing. Once the prescribed period expires, or the reasons for processing personal data no longer apply, we delete, destroy or anonimyze personal data in accordance with MODANİSA’s Policy for Retaining and Destroying Personal Data, unless there is a legal requirement requiring otherwise. This Policy gives the details of these retention requirements.

2.6. Integrity, and Confidential Treatment, of Personal Data
Personal data is processed by taking any and all technical and administrative measures to ensure such data’s security, including, but not limited to those affording protection against unauthorized or illegal processing, or accidental loss, destruction or damage.
 
3. CONDITIONS FOR PROCESSING PERSONAL DATA
The processing of personal data can be lawful only if one or more of the following criteria is met. If the personal data being processed is sensitive personal data, then the criteria listed under “Purposes of Processing Sensitive Personal Data” apply.
Explicit consent of data subject is only one of the criteria required for lawful processing of personal data. Personal data may also be lawfully processed if any of the other legitimacy criteria set forth below is met.
The personal data of data subjects is being processed in compliance with the legitimacy criteria given below.

3.1. Clear requirement under the applicable legislation
MODANİSA may process personal data of data subject without their consent, if the applicable legislation clearly requires such processing.

For example, the Law Regulating Electronic Commerce requires MODANİSA to process personal data regarding memberships, commercial electronic authorizations, purchase orders, payments, deliveries, cancellations and returns.

3.2. Physical Impossibility of Getting Data Subject’s Explicit Consent, or Requirement to Process Personal Data for Protecting Vital Interests of the Data Subject or a Third Party
In the event that a data subject’s personal data must be processed in order to protect any other person against death or injury and such data subject is not physically or legally capable of giving their consent, then such data may be processed without this consent. Personal data may be also processed without the explicit consent of the data subject if and when such personal data must be processed in order to protect the vital interests of the date subject or a third party.

3.3. Direct Relevance to Entering into, or Performing, an Agreement
Personal data of a contracting party may be processed if such processing is directly relevant to the execution or performance of a contract to be entered into with such party. For example, the personal data that a person may enter for becoming a member of MODANİSA is directly related to the membership agreement, while the processing of the data on the name and address of the receiver is directly relevant to the performance of a distance sale agreement.

3.4. MODANİSA’s Compliance with a Statutory Requirement
A data processor may process a data subject’s personal data without their consent, if such processing is required in order to comply with a statutory requirement. For example if a customer returns a product, MODANİSA is required to process such person’s personal data in order to refund the relevant payment.

3.5. Publicized Personal Data
If a data subject publicizes their personal data, then such data may be processed without their explicit consent. If a member is connected to MODANİSA over social media, then the personal data that such member shares publicly on their social media accounts may be freely processed, provided that such processing is relevant and proportional to the member’s intentions when sharing such data.

3.6. Personal Data Required to be Processes for Evidencing or Protecting a Right
If it is necessary to process data for establishing, exercising or protecting a right, then the data subject’s personal data may be processed without their explicit consent. For example if a Member files a complaint with a consumer arbitration panel, providing the court with the information on the relevant purchase is a form of processing such member’s personal data for evidencing or protecting a right.

3.7. Processing Personal Data Based on Legitimate Interests
MODANİSA may process personal data without the explicit consent of the relevant data subjects, if the legitimate interests of MODANİSA requires such processing, provided that it does not violate their fundamental rights or freedoms.

3.8. Processing Personal Data Based on Explicit Consent
In the event that none of the conditions set forth above for processing personal data is met, then data subject’s explicit consent is required. In such event, data subject’s explicit consent should be taken in accordance with the criteria set by the Personal Data Protection Law and the GDPR. For example, in order to process a data subject’s personal data for sending commercial e-mails, their explicit consent is required.
 
4. LEGITIMACY CRITERIA FOR PROCESSING SENSITIVE PERSONAL DATA
Certain personal data is categorized separately as “sensitive personal data”, and afforded a special protection. MODANİSA applies separate criteria and affords separate protection to sensitive personal data.
4.1. Processing Sensitive Personal Data based on Data Subject’s Explicit Consent
Sensitive personal data may be processed in accordance with the principles set forth in this Policy, and by taking the necessary administrative and technical measures, if the data subject explicitly consents to such processing.

4.2. Processing Sensitive Personal Data without Data Subject’s Explicit Consent
A data subject’s sensitive personal data, other than medical and sexual data, may be processed without the consent of such data subject for the purposes required under the applicable legislation, provided that the measures set by the Personal Data Protection Council are sufficiently taken. Medical and sexual personal data may be processed only for protecting public health, providing protrective medicine, medical diagnosis, treatment and care services, and planning and managing the financing of healthcare services, only by those subject to nondisclosure obligations, or the authorities and agencies authorized for such purposes. For example medical information related to occupational health and workplace safety may be processed by the workplace MD of MODANİSA.
 
5. ENLIGHTENING AND INFORMING DATA SUBJECTS
MODANİSA informs and enlightens data subjects when collecting their personal data. This information is also provided at www.modanisa.com ,or by displaying the relevant policies and informatory texts or placing QR codes in the company’s common areas, stores and offices. Such information contains the name of MODANİSA’s data officer, the types of personal data processed, the purposes of processing personal data, to whom personal data may be transferred and for which purposes, the methods employed for collecting personal data, the legal basis of processing personal data, and the rights that data subject may have regarding such processing. Data subjects may apply to MODANİSA anytime to get information by sending an e-mail to kisiselverilerim@modanisa.com MODANİSA will promptly reply with the relevant information.
 
6. CATEGORIES OF PERSONAL DATA
MODANİSA processes following categories of personal data belonging to data subjects. In addition to the below mentioned categories, there are employment records and other similar information processed regarding company’s employees, trainees, subcontractors, etc., which are set forth in MODANİSA’s Policy on the Processing of Employees’ Personal Data.
 
Identity Information:
Name, Surname, Birthday, Gender, Citizen Identity Card No.
 
Customer – Member customer, visiting customer
Supplier’s representative
Supplier’s employee
Candidate for employment
Contact Information:
Cell phone number, e-mail address, address, postal code, landline number
Customer – Member customer, visiting customer
Supplier’s representative
Supplier’s employee
Candidate for employment
Location Customer – Member customer, visiting customer
Supplier’s employee
Legal Transactions:
Agreements, legal information
Customer – Member customer, visiting customer
Supplier’s representative
Supplier’s employee
Candidate for employment
Customer Transactions:
Product(s) purchased, size and color preferences, amount and date of purchase, call center call records, campaigns/games participated, coupons used, order info.
Customer – Member customer, visiting customer
Transaction Security:
Passwords, passcodes, IP information
Customer – Member customer, visiting customer
Online visitor
Supplier’s representative
Supplier’s employee
Finance
Invoice info, bank account info, financial info, payment, outstanding debt/credit
Customer – Member customer, visiting customer
Supplier’s representative
Supplier’s employee
Professional experience Supplier’s employee
Candidate for employment
Marketing Customer – Member customer, visiting customer
Online visitor


 
7. PURPOSES OF PROCESSING PERSONAL DATA
7.1. Processing Conditions
Personal data is processed if
  • the applicable legislation clearly requires the processing of your personal data;
  • MODANİSA needs to process your personal data directly for executing or performing an agreement;
  • MODANİSA needs to process your personal data for performing a statutory duty;
  • the personal data in question has already been publicized by the data subject in question, provided that such processing does not go beyond the purpose of such publicizing;
  • MODANİSA requires to process personal data for evidencing, exercising or protecting any right belonging to MODANİSA, or any data subject or third party;
  • MODANİSA needs to process personal data for legitimate purposes, without violating any data subject’s fundamental rights or freedoms;
  • MODANİSA needs to process personal data in order to protect the data subject or any third party against death or injury, provided that such data subject or third party is not physically or legally capable of expressing their consent or it is a must to process the personal data in order to protect vital interests of the data subject or a third party.
In the event that none of the criteria set forth above is met, then MODANİSA takes the explicit consent of the data subject before processing their data.

7.2. Purposes of Processing
MODANİSA processes personal data for the purposes given below:

FOR CUSTOMERS:

Personal Data of Member Customers may be processed for:
  • completing membership process;
  • presenting, improving or developing services, and providing information in connection therewith;
  • performing membership agreements and distance sale agreements;
  • announcing promotions, campaigns and benefits, and conducting marketing activities, with the explicit consent of data subjects;
  • Improving desktop, tablet, mobile platform and mobile app experiences;
  • accounting and purchase transactions;
  • compliance with legal processes and applicable legislation;
  • responding to any information request made by administrative or judicial authorities;
  • ensuring data and transaction safety, and preventing malicious use;
  • making the necessary arrangements for ensuring the accuracy and up to dateness of the data processed;
  • establishing and implementing the processes aiming at ensuring data safety and improving internal processes.
Personal data of visiting customers (shopping without membership) may be processed for
  • making available and improving the services provided by MODANİSA, developing new services, and providing information in connection therewith;
  • announcing promotions, campaigns and benefits, and conducting marketing activities, with the explicit consent of data subjects;
  • Improving desktop, tablet, mobile platform and mobile app experiences;
  • accounting and purchase transactions;
  • compliance with legal processes and applicable legislation;
  • responding to any information request made by administrative or judicial authorities;
  • ensuring data and transaction safety, and preventing malicious use;
  • making the necessary arrangements for ensuring the accuracy and up to dateness of the data processed;
  • establishing and implementing the processes aiming at ensuring data safety and improving internal processes.
Personal data of suppliers (including their authorized personnel and employees) may be processed for
  • managing the business processes conducted with the suppliers;
  • complying with statutory requirements and conducting legal matters, such as entering into agreements for necessary services;
  • entering into agreements with selected suppliers, and conducting the relevant operations;
  • conducting purchase, manufacturing, supply and other similar operations;
  • conducting purchase operations, providing post-sale services, and conducting the processes related to returns and cancellations;
  • complying with the requirements of the law on occupational health and applicable agreements;
  • checking the payment of the premiums required to be made to employees and the state under the Social Security Act;
  • checking the licenses of employees (certificates, authorization letters etc.);
  • ensuring the frugal use of company’s sources, and improving company’s operations for the benefit of customers:
  • getting letters from suppliers wherein they undertake to comply with the obligations under the Personal Data Protection Law that MODANİSA needs to comply with regarding personal data security;
  • monitoring accounting processes and purchases, checking and approving payments;
  • complying with legal proceedings and applicable legislation, performing statutory duties;
  • responding to information requests made by administrative and judicial authorities;
  • ensuring information and transaction security, and preventing malicious use;
  • making necessary arrangements for ensuring the up to dateness and accuracy of the data processed;
  • checking the performance of actions undertaking, and planning inspections.
Personal data of candidate for employment may be processed for
  • complying with HR policies, conducting and completing HR processes;
  • planning selection and assessment processes regarding job applicants;
  • performing the activities required in connection with occupational health and workplace safety;
  • conducting the necessary communication for recruiting;
  • selecting and assigning trainees, and planning operational processes.
Personal data of online visitors may be processed for
  • keeping log entries of system operations by online visitors and users;
  • compliance with the legal processes and the applicable legislation;
  • responding to information requests made by administrative and judicial authorities;
  • ensuring information and transaction security, and preventing malicious use;
  • complying with statutory requirements.
8. TRANSFERRING PERSONAL DATA TO THIRD PARTIES IN TURKEY OR ABROAD
8.1. Transferring Personal Data
Personal data and sensitive personal data may be transferred to third parties (legal entities or persons) for certain processing purposes by taking any and all necessary security measures, provided that the conditions set forth in Articles 8 and 9 of the PDPL are met.
Personal data may also be transferred abroad given the software and server infrastructure used or outsourced.
The Personal Data Protection Agency has not yet announced its lists of secure countries, and accordingly personal data may be transferred abroad under Article 9 of the PDPL with the explicit consent of data subjects.

8.2. Third Party Transferees of Personal Data
Your personal data may be transferred to the categories of people listed below:
  • MODANİSA’s business partners,
  • MODANİSA’s suppliers,
  • MODANİSA’s subsidiaries,
  • MODANİSA’s shareholders,
  • Public authorities and entities authorized by law
  • Private legal entities authorized by law
9. METHOD AND LEGAL BASIS FOR COLLECTING PERSONAL DATA

The Company processes your personal data that it receives electronically or physically by using methods that are fully or partially automatic, or that is not automatic, but a party of a data recording system, for the legitimate purposes given below for each category of persons, in accordance with Article 5 of the PDPL and the relevant provisions of the GDPR, for the purposes given in this Policy.
 
For Clients (Members and Visitors):  

  • Protecting rights and interests of the Clients;
  • Granting certain rights and privileges to the Clients for business purposes;
  • Maintaining and developing intracompany activities;
  • Performing the duties imposed by the applicable laws and regulations;
  • Processing personal data of contracting parties, if and when directly necessary for executing or performing an agreement;
  • Processing personal data for legitimate interests of the data controller, such as entering the Clients’ purchase orders to the relevant bookkeeping and analysis software, to ensure the sustainability of the business, provided that such processing does not violate the Clients’ fundamental rights and freedoms;
  • The Client’s express consent.
For Suppliers and Business Partners (Suppliers/Business Partners, Authorized Representatives of Suppliers/Business Partners, Employees of Suppliers/Business Partners):
  • Performing a legal duty imposed on the data processor;
  • Processing personal data of contracting parties, if and when directly necessary for executing or performing an agreement;
  • Processing personal data for the data processor’s legitimate interests, such as keeping the contact details of the relevant parties to maintain business and ensure fast and effective communications;
  • The Supplier’s/Business Partner’s express consent.
For Potential Employees:
  • Processing personal data of contracting parties, if and when directly necessary for executing or performing an agreement;
  • Processing personal data for the data processor’s legitimate interests, such as keeping and analyzing personal data for any recruitment in the future, provided that such processing does not violate potential employees’ fundamental rights and freedoms;
  • The Potential Employee’s express consent.
For Online Visitors:
  • Processing personal data of contracting parties, if and when directly necessary for executing or performing an agreement
  • Processing personal data for the data processor’s legitimate interests, such as analyzing the most visited pages for business development purposes, provided that such processing does not violate online visitors’ fundamental rights and freedoms;
  • The Online Visitor’s express consent.
10. RETENTION PERIODS FOR PERSONAL DATA
Please find below information on how long MODANİSA retains personal data that it processes, and the legal basis of such processing.
 
Identity 15 years starting from the end of the legal relationship Law No. 6563 Regulating Electronic Commerce (6563 Sayılı Elektronik Ticaretin Düzenlenmesi Hakkında Kanun), Turkish Code of Commerce No. 6102 (6102 Sayılı Türk Ticaret Kanunu), Turkish Code of Obligations No. 6098 (6098 Sayılı Türk Borçlar Kanunu), Tax Procedure Code No. 213 (213 Sayılı Vergi Usul Kanunu), Consumer Protection Law No. 6502 (6502 Sayılı Tüketicinin Korunması Kanunu), Labor Code No. 4857 (4857 Sayılı İş Kanunu), Occupational Health and Workplace Safety Law No. 6331 (6331 Sayılı İş Sağlığı ve Güvenliği Kanunu )
Contact 10 years starting from the end of the legal relationship Law No. 6563 Regulating Electronic Commerce Turkish Code of Commerce No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Code No. 213, Consumer Protection Law No. 6502, Labor Code No. 4857, Occupational Health and Workplace Safety Law No. 6331
Location 10 years starting from the end of the legal relationship Law No. 6563 Regulating Electronic Commerce Turkish Code of Commerce No. 6102, Turkish Code of Obligations No. 6098
Litigation 10 years starting from the final decision Civil Litigation Procedure Code No. 6100 (6100 Sayılı Hukuk Muhakemeleri Kanunu), Criminal Litigation Procedure Code No. 5271 (5271 Sayılı Ceza Muhakemeleri Kanunu)
Customer transactions 10 years starting from the end of the legal relationship Law No. 6563 Regulating Electronic Commerce Turkish Code of Commerce No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Code No. 213, Consumer Protection Law No. 6502, Law No. 5651 for Regulating Online Broadcasts and Combatting Crime Committed by way of such Broadcasts (Law No. 5651 on Regulation of Broadcasts on the Internet and Combating Crimes Committed Through These Broadcasts)
Transaction security 2 years Law No. 5651 for Regulating Online Broadcasts and Combatting Crime Committed by way of such Broadcasts
Finance 10 years starting from the end of the legal relationship Law No. 6563 Regulating Electronic Commerce, Turkish Code of Commerce No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Code No. 213, Consumer Protection Law No. 6502
Marketing Throughout the legal relationship  
 
11. PERSONAL DATA SECURITY
In order to secure personal data, MODANİSA takes reasonable measures against the risks of unauthorized access to, or accidental loss, intentional erasure, or corruption, of data.
We take any and all technical and physical measures to prevent unauthorized access to personal data. Within this context, we design our authorization system allowing access to personal data on a need to know basis. We take more strict measures to ensure the security of sensitive personal data, such as medical data. We conduct a security check and apply an internal screening process on any person authorized to access data, and provide such persons with trainings on their duties and responsibilities.
We keep records of access to personal data, to the extent permitted by available technical capacities, and periodically analyze these records. We launch internal inspections, and take immediate legal action, when we detect unauthorized access
MODANİSA takes the following security measures to ensure the security of the data that it processes:
  • The network and application security is ensured.
  • Close system network is used to transfer data through a network path;
  • Key method is used.
  • Security measures are taken, in the scope of supply, development and maintenance of information technologies systems.
  • The security of personal data stored on cloud is ensured.
  • There are disciplinary regulations, involving data security provisions for employees.
  • Data security and awareness themed periodical trainings for employees are arranged.
  • Authorization matrix for employees is formed.
  • Access logs are kept regularly.
  • Corporate policies are created and started to be executed in fields of access, information security, retention and destruction.
  • Confidentiality agreements are made.
  • Mission based authorization of employees, who change positions or quit their jobs, are taken back.
  • Up-to-date antivirus systems are used.
  • Firewalls are used.
  • Concluded agreements contain data security provisions.
  • Additional security measures are taken for personal data that are transferred in printed form, and the relevant papers are sent as classified documents.
  • Personal data security policies and procedures are set.
  • Personal data security issues are reported without delay.
  • Personal data security is monitored continuously.
  • Necessary security measures are taken for access to physical media containing personal data.
  • Physical media containing personal data is secured against external risks (such as fire, flood, etc.).
  • Physical media containing personal data is secured.
  • Personal data is minimized as much as possible.
  • Personal data is backed up, and the backups are secured.
  • Periodical/random in-house inspections are conducted.
  • Log records are kept free from user intervention.
  • Current risks and threats are determined.
  • Policies and procedures for ensuring the security of sensitive personal data are specified and executed.
  • When sending sensitive personal data by e-mail, such data is sent in encrypted form from a registered or corporate e-mail address.
  • Attack detection and prevention systems are used.
  • Penetration tests are run.
  • Sensitive private data is encrypted before being transferred on a flash disk, CD or DVD.
  • Data processing service providers are periodically inspected for data security purposes.
  • Data processing service providers’ awareness on data security is raised.
12. COOKIES
MODANİSA uses cookies, pixels, GIFs and other similar technologies (“cookies” ) for enabling visitors to efficiently use its website and applications, and improve user experience. These technologies are used in line with any and all applicable laws and regulations, particularly the Personal Data Protection Law. If a data subject chooses not to use cookies, they may delete or block cookies in their browser settings. Please see the Cookies Policy for further information on the cookies used by MODANİSA.
 
13. AUTOMATED PROCESSING
MODANİSA automatically processes the behavioral data of its clients and potential clients through cookies and other similar technologies in order to provide targeted products and services. By collecting such data, it analyses the products that may preferred by such persons. For example, it statistically matches the products sold in general, and automatically offers products similar to those that the user is interested in as well as special promotions.
 
14. LEGAL RIGHTS OF GROUPS OF PERSONS, AND HOW TO EXERCISE THESE RIGHTS
14.1. Rights on personal data under the Personal Data Protection Law
Article 11 of the Personal Data Protection Law lists the rights that may be exercised by groups of persons as follows:
  • Get information on whether or not personal data has been processed;
  • Ask for information on how personal data has been processed;
  • Get information on the purpose of processing personal data, and check whether or not personal data has been duly processed for this purpose;
  • Learn the identity of third parties to whom personal data has been transferred in Turkey or abroad;
  • Request the correction of any missing or incorrect personal data;
  • Ask for the deletion or destruction of personal data in accordance with the conditions set forth in Article 7 of the Personal Data Protection Law, and the notification of the action taken under the said Article to any and all third parties to whom personal data has been transferred;
  • Object to any unfavorable consequence of the analysis of personal data exclusively by automated systems;
  • Claim damages arising from unlawful processing of personal data.
14.2. Rights over Personal Data under the GDPR
Data subjects’ rights on their personal data are set forth in the 3rd Chapter of the GDPR (from Article 12 to Article 23) as follows:
  • You may withdraw your consent if your personal data is being processed based on your express consent;
  • You may demand the restriction of the processing of your personal data where one of the following applies:
    • You contest the accuracy of your personal data, for a period enabling the controller to verify the accuracy of your personal data;
    • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
    • Your personal data are no longer needed for the purposes of the processing, but you require such data for establishment, exercise or defense of legal claims;
    • You have objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether our legitimate interests override your rights.
  • You may object to the processing of your personal data if your personal data are processed for protecting public interests or based on the data controller’s authority under the applicable law or the legitimate interests of the data controller or a third party, including by way of profiling;
  • You have the right to access the following:
    • The verification of the processing of your personal data, the purposes of the processing and the categories of personal data concerned;
    • The recipients or categories of recipients to whom your personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored, or oif not possible, the criteria used to determine that period;
    • The existence of the right to request the rectification or erasure of personal data or restriction of processing of personal data, and the existence of the right to lodge a complaint with a supervisory authority;
    • Any available information as to the source of your personal data, if not directly collected from you; and
    • The existence of automated decision making mechanisms that we use, including profiling, meaningful information about the lgic involved as well as the envisaged consequences of such processing for you, and the significant information.
  • You may have your personal data transferred to you or another data controller, if that it technically possible, in an organize, usable and machine readable format, if your personal data are processed based on your express consent, or a contractual provision, by using automated mechanisms.
  • You may get information on the existence of automated decision making processes, including profiling, the logic involved and their possible consequences and significance for you.

14.3. Principles Governing the Exercise of Rights on Personal Data
Data subject may exercise their rights on personal data by filling in the Personal Data Protection Application Form available at www.modanisa.com , sign it by mobile signature and e-signature, or use their e-mail address registered and approved by our System, and send it to our registered e-mail modanisa@hs03.kep.tr or our e-mail address kisiselverilerim@modanisa.com. You may also file your applications in printed form by hand signing your application and sending it to Kuşbakışı Cad. No:27 Altunizade, Üsküdar/İstanbul. You may also use the same address for any notice that you would like to give by the virtue of a notary public regarding your claims.

We will respond in 30 days following any application filed in line with the procedure set forth above and in the Personal Data Protection Law. If your application is rejected, you find our response insufficient or we fail to timely respond to your application, you may file a complaint with the Personal Data Protection Board within 30 days following your receipt of our response, and in any event, 60 days after your application.

We appointed a data protection officer (a “DPO”) under the GDPR to ensure the transparency, and accuracy of the processing of your personal data and the relevant compliance. You may contact our Data Protection Officer at dpo@modanisa.com

15. ENTRY INTO FORCE; UPDATES
This Policy entered into force upon its announcement. This policy is updated from time to time in order comply with the changes in the applicable legislation and respond to the changes in the surrounding circumstances. After being updated as required by the relevant Board resolutions and the surrounding circumstances, MODANİSA Data Protection Committee submits the updated policy to MODANİSA’s Board of Directors for approval, and then announces it on www.modanisa.com.

You may find the personal data protection application form at this link

Modanisa.com’s contact details are as follows:
Modanisa Elektronik Mağazacılık ve Tic. A.Ş.
Address: Altunizade Mahallesi Kuşbakışı Cad. No:27/1 Üsküdar/İstanbul
Telephone: 0850 333 64 72 (NISA)
E-mail:  kisiselverilerim@modanisa.com
 

You have registered successfully.

Loading...