The purpose of this Privacy Policy and Disclosure Text ( “Policy” ) is to inform Users and Visitors about the terms and conditions regarding the processing of personal data provided to the Company and/or obtained from employees and officers of natural person Users and legal entity Users during the use  of the Site , for the services (“Services”) provided through the Site (“User/s,” “Customer/s,” “Visitor/s” or “You”) of the website “ www.sidrabitkisel.com” ( “ Site” ) managed by Sidra Bitkisel (“Company”). Definitions in the User Agreement ( “Agreement” ) published on the Site will be taken into consideration in the interpretation of expressions not defined in this Policy.

You can feel safe using the Site. However, please remember that no system is completely secure. Even if we take all necessary steps to protect your data, there is always the possibility that you may be compromised. Therefore, we would like to remind you to be very careful when sharing your personal data. Processing of data submitted by you without the Company’s request, other than the data requested by the Company, will not be considered personal data processed by the Company under this Policy. Therefore, we strongly advise you not to share your images, or any other personal data not requested by the Company, via email, text message, or any other communication channel.

Which of your data is processed?

Under this heading, the data collected is processed within the scope of the services offered by the Company and is considered personal data under Law No. 6698 on the Protection of Personal Data ( “Law” ). User personal data, non-personal data, and data collected through cookies are grouped below. Unless explicitly stated otherwise, the term “personal data” within the scope of the terms and conditions set forth in this Policy includes the information below.

• Personal Data:
• Data Collected for Membership Transactions: Name, Surname, Email Address, Address Information, Telephone Number, Zip Code
• Data Collected for Billing Information: Name, Surname, Email Address, Address Information, Telephone Number, Zip Code
• Data Relating to Third Parties: During the Service used on the Site, personal data belonging to any third party account shared in relation to the Service, such as e-mail address, any username, etc., belonging to a third party.
• Other Data
  • Sensitive Personal Data: Sensitive personal data is defined by the Personal Data Protection Authority as “data that, if learned, may lead to discrimination or victimization against the relevant person.” The Company does not process Users’ sensitive data.
  • Data Processed Through Cookies: You can access detailed information about your processed data, including the IP Address used, the type of device used, the operating system and browser information, in the “Cookie Policy” published on the Site.

Pursuant to Articles 3 and 7 of the Law, data that is irreversibly anonymized will not be considered personal data under the Law, and processing activities related to this data will be carried out without being bound by the provisions of this Policy.

The User undertakes to ensure that the information covered by this Policy is complete, accurate, and current, and to promptly update any changes to this information. The Company will not be held liable for any circumstances arising from the User’s failure to provide up-to-date information.

Which Collected Data Will We Anonymize?

Anonymizing data means preventing the identification of individuals or making them indistinguishable within certain groups, so that they cannot be associated with a natural person. In this context, your anonymized data includes:

1. The times users and visitors enter the Site,

(ii) The products they view and their characteristics, (iii) the frequency of their use of the Site and purchase of services, (iv) data regarding the cities from which users use the Site or purchase services, and (v) information regarding the countries searched on the Site and the frequency of searches from these countries.

For What Purposes Do We Process Your Data?

The Company may share the personal data it collects from the representatives of legal entity Users with preferred third party companies to carry out the necessary logistics operations within the scope of the performance of the Services. The Company may process the personal data provided by the Users and new data generated by the Company using this personal data for the purposes of ensuring that the Users benefit from the Site without interruption, carrying out the necessary operational processes while providing the service (such as enabling the Users to log in to the Site without wasting time and receive Services, to list the companies from which they will receive Services and which they will reach through the Site, to eliminate communication errors between the companies they have decided to receive services from, etc.), to provide and improve the services subject to the Site, to ensure the security of the User’s data, to manage the relationship management processes with the Users, to ensure coordination between the Company’s units for the continuity of the Services, to keep visitor records, to inform the Users and Visitors about promotions and advantages and to provide information about marketing activities to be carried out, to create statistical data from Visitors’ data, to fulfill the Company’s obligations arising from laws and regulations, and to prevent existing or future legal disputes.

Regarding Cookies

The Company may obtain information about Users’ use of the Site using cookies, which are technical communication files. The Company may process data within this scope and may transmit these data to third parties for processing within the scope of analysis services offered by third parties, but only to the extent required by these analysis services. These technical communication files are small text files that the Site sends to Users’ browsers to be stored in the main memory. The technical communication file facilitates Internet use by storing status and preference settings for a website. The technical communication file is designed and used to obtain statistical information about how many people use the Site over time, the purpose for which a person visits the Site, how many times, and how long they stay. It is also designed to help dynamically generate advertising and content from user pages specifically designed for Users. The technical communication file is not designed to retrieve any other personal data from the main memory. Most browsers are initially designed to accept technical communication files, but Users can always change their browser settings to prevent the receipt of technical communication files or to alert them when technical communication files are sent. You can find details about cookies in the “Cookie Policy” on the Site. The Company may identify and use Users’ IP addresses when necessary to identify and promptly resolve system-related issues. IP addresses may also be used to generally identify Users and gather comprehensive demographic information.

Legal Reason for Data Collection

The primary reason for collecting this data is our obligations under the relevant legislation. We also collect the personal data classified above pursuant to our contractual relationship with Users, our legitimate interests, and our adopted commercial principles.

Who Has Access to Your Data?

The Company shares the personal data provided by Users and Visitors, and new data generated by the Company using this personal data, with the company reached through the Site, which will perform the service that the User wishes to receive from the Site, in order to provide and/or develop the Services, to improve the Users’ experience, and to carry out the service operation in order to achieve any of the purposes specified under the heading “For What Purposes Do We Process Your Data?” of this Policy.

The Company may also process and share the data subject to this Policy with third parties without obtaining Users’ consent, in accordance with Articles 5 and 8 of the Law and/or in the presence of exceptions in the relevant legislation. The main cases are listed below:

• It is clearly provided for in the laws,
• If it is necessary for the protection of the life or physical integrity of a person who is unable to give his consent due to a physical impossibility or whose consent is not legally valid, or if it is necessary for the protection of the life or physical integrity of another person,
• The processing of personal data is necessary, provided that it is directly related to the establishment or performance of a contract, including the contract,
• It is mandatory for the Company to fulfill its legal obligations,
• It has been made public by the Users themselves,
• Data processing is necessary for the establishment, exercise or protection of a right,
• Data processing is necessary for the Company’s legitimate interests, provided that it does not harm the fundamental rights and freedoms of the Users.

The Company collects personal data to receive data hosting services, limited to the fulfillment of the above-mentioned purposes, only:

• With your explicit consent,
• The conditions stipulated in the law are present and there is adequate protection in the country to which the data will be transferred,
• In the event that the conditions stipulated in the Law exist and there is no adequate protection in the country of transfer, but sufficient protection is undertaken by the data controller in the relevant country and the Personal Data Protection Board ( “Board” ) also has the permission, the data controller will have the right to transfer to service providers abroad (which may belong to itself, its affiliates, subcontractors or service providers whose reliability has been proven at the international level).

ATTENTION USERS:

The User is responsible for the data knowingly provided to third parties, and the Company has no responsibility in the relevant sharing.

About Your Right to Access Your Data and Requests for Correction

By applying to the Company, Users can obtain information about themselves;

• Learning whether personal data is being processed,
• Learning whether personal data is being processed,
• To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
• To know the third parties to whom personal data is transferred, either domestically or abroad,
• To request correction of personal data if it is processed incompletely or incorrectly,
• To request correction of personal data if it is processed incompletely or incorrectly,
• Request the deletion or destruction of personal data within the framework of the conditions stipulated in the relevant legislation,
• To request that the correction, deletion and destruction operations carried out in accordance with the relevant legislation be notified to third parties to whom personal data has been transferred,
• To object to the emergence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems,
• To request compensation in case of damage due to unlawful processing of personal data.

Users may exercise their legal right to apply in line with their requests specified above, by submitting their requests through one of the methods listed below, or through other methods determined by the Personal Data Protection Board, in accordance with Article 13, Paragraph 1 of the Law and other relevant legislation. The available methods specified in the Law are as follows:

1. After filling out the Application Form ( “Application Form” ) in accordance with the Law on the Protection of Personal Data, which can be found on the Site, and signing it, it must be sent to the Company’s headquarters, Sanayi Mah. Teknopark Bulvarı Teknopark 4A Apt. No: 1/4A/101 Pendik/ Istanbul (By the applicant personally coming and hand-delivering their ID with a supporting document.)
2. After completing the Application Form and signing it with the “secure electronic signature” defined in the Electronic Signature Law No. 5070, the secure electronically signed form should be sent to the e-mail address “ iletisim@sidrabitkisel.com ” (The subject of the e-mail should be written as “Personal Data Protection Law Information Request”).
3. After completing the Application Form and signing it with a wet signature, it should be sent to the Company’s headquarters at Sanayi Mah. Teknopark Bulvarı Teknopark 4A Apt. No: 1/4A/101 Pendik/ Istanbul via a notary public (the words “Request for Information Within the Scope of the Personal Data Protection Law” should be written on the notification envelope.)

In order for a person other than the applicant to make a request, there must be a special power of attorney issued by the personal data owner on behalf of the person who will make the application.

Storage Period of Personal Data

The Company will act in accordance with the provisions of Law No. 6698 and the Regulation on the Deletion, Destruction, or Anonymization of Personal Data ( “Regulation” ). In order to fulfill the obligations arising from the nature of the Services specified in this Policy, and to enable Users to benefit from the Site and Services, the Company will retain personal data provided by Users for 10 years from the last day the Service was provided to them, and data collected from Visitors for 10 years from the date their communication permissions are revoked. The Company will destroy personal data in the first periodic destruction process following the date on which the obligation to destroy personal data arose pursuant to the Regulation. The Company will duly fulfill its obligations arising from Article 12 of the Regulation to Users who request the destruction of their personal data pursuant to Article 13 of the Law.

Our Measures and Commitments Regarding Data Security

The Company, in accordance with the conditions set forth in the relevant legislation or stated in this Policy, transmits to it electronically through the Site,

• Personal data is not processed unlawfully,
• Personal data should not be accessed unlawfully,
• It undertakes to take the necessary technical and administrative measures and to carry out the necessary audits to ensure the appropriate level of security in order to ensure the protection of personal data.

The Company may not disclose personal data obtained about Users to anyone in violation of this Policy and Law No. 6698, and will not use it for purposes other than those for which it was processed. If links to other applications are provided on the Site, the Company shall not be responsible for the privacy policies and content of such applications.

Communication Permission

You hereby consent to the collection, storage, processing, use, and transfer of your personal data, which you have consented to be shared with us through electronic communication permission, as specified in this Policy, for the purpose of providing you with various advantages and sending you personalized advertising, sales, marketing, surveys, reservation privileges, and all kinds of electronic communications and other communication messages for similar purposes. The Company will contact Users via mail for purposes such as verification by email address during registration, verification of identity in case of forgotten password, creation of a website, advertising on the website, sharing of the website, etc., notifications for security reasons, and e-invoices. The Company will contact Users via phone or SMS for purposes such as verification of phone number during registration, notification as a two-factor authentication method, verification of identity in case of forgotten password, and notifications for security reasons. The Company will take all necessary measures to securely store such personal data in accordance with Article 12 of the Law and to prevent unauthorized access and unlawful data processing.

User Privacy Regarding Age Limit

The Company will not knowingly collect or store data from individuals under the age of 18. If you are under the age of 18, we strongly advise you not to use the Platform or Services and not to share any personal data with the Company. The Company will take reasonable steps to delete data immediately upon learning that data from a person under the age of 18 has been collected.

Changes to Policy

The Company may change the provisions of this Policy at any time by publishing them on the Site. Any amended Policy provisions made by the Company will become effective on the date of publication. The Company will provide Users with the necessary information to ensure they are aware of any changes to this Policy.

Dispute Resolution

This Policy is governed by the laws of the Republic of Türkiye. All disputes arising from this Policy or related to this Agreement will be resolved in the Kocaeli Central Courthouse and Enforcement Offices.

We would like to point out that if this Policy is not approved by the Users, you will not be able to benefit from the Services.