Obligation to Inform Regarding the Processing of Personal Data and Consent Text
About Our Information Security Management System (ISMS) Efforts at Silverline Ev Gereçleri Sat. Paz. A.S.
Silverline Ev Gereçleri Sat. Paz. A.S. has implemented its Information Security Management System efforts and applies an international standard as its methodology in these efforts. We have shared our Information Security Policy with our customers, suppliers, and the public.
Information Regarding the Personal Data Protection Law
We would like to inform you about the Law No. 6698 on the Protection of Personal Data (PDPL), which aims primarily to protect individuals' privacy and fundamental rights and freedoms during the processing of personal data and sets out the obligations and procedures that real and legal persons processing personal data must comply with.
Some Terms and Definitions Related to the Law
Personal Data: Under this law, personal data is defined as "any information related to an identified or identifiable natural person"; processing is defined as "any operation performed on data, such as obtaining, recording, storing, retaining, changing, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing its use, whether wholly or partly by automatic means or otherwise than by automatic means provided that it is part of a data recording system."
Processing of personal data: Is defined as "any operation performed on data, such as obtaining, recording, storing, retaining, changing, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing its use, whether wholly or partly by automatic means or otherwise than by automatic means provided that it is part of a data recording system."
Explicit Consent: As defined in the relevant article of the law, it means "consent on a specific subject, based on information and given with free will”. As the Data Controller, we wish to inform you in line with our obligations under the law and obtain your explicit consent.
1. Purpose of the Clarification Text and Our Company's Position as Data Controller
Silverline Ev Gereçleri Sat. Paz. A.S. presents the following explanations to our customers and 3rd parties using our website and/or mobile applications, aiming to fulfill the obligation to inform under Article 10 of the Law No. 6698 on the Protection of Personal Data (PDPL). Silverline Ev Gereçleri Sat. Paz. A.S. will update the Statement on the Protection of Personal Data in line with potential changes in the current legislation.
Purpose and Transfer of Processing Personal Data of Customers
Your personal data is used by our institution for the following purposes:
- To confirm the identity information of the person who shops/has shopping done via the website/mobile applications,
- To record address and other necessary information for communication,
- To communicate with our customers regarding the terms, current status, and updates of contracts executed under the Distance Sales Contract and relevant articles of the Law on Consumer Protection, and to provide necessary information,
- To provide information to public officers upon request and according to the legislation regarding matters of public safety,
- To arrange all records and documents that will be based on processing in electronic (internet/mobile etc.) or paper medium,
- To provide our customers with a better shopping experience, to inform our customers about our products they might be interested in "considering the interests of our customers", to convey campaigns,
- To increase customer satisfaction, to recognize our customers who shop from our website and/or mobile applications, to use in customer environment analysis, and to use in various marketing and advertising activities, and to organize surveys in electronic and/or physical media through contracted institutions,
- To make suggestions to our customers by our contracted institutions and solution partners, and to inform our customers about our services,
- To evaluate customer complaints and suggestions regarding our services,
- To evaluate your job applications,
- To use during cooperation, joint business, supply, and subcontracting business and transactions,
- To fulfill the obligations related to contracts,
- To fulfill our legal obligations and to use our rights arising from current legislation,
- To prevent fraud and other illegal activities.
Disclosure about the transfer to third parties and the reasons for it
At Silverline Ev Gereçleri Sat. Paz. A.S. the sharing of personal data of our customers, stakeholders, and suppliers with third parties takes place within the framework of the permission of our customers, suppliers, and stakeholders and as a rule, personal data is not transferred to third parties without the approval of our customer, our suppliers, and stakeholders.
The personal data of our customers, suppliers, and stakeholders is shared with courts and other public institutions, limited to and due to our legal obligations.
Technical and legal measures are taken to prevent rights violations during data transfer to third parties. Our institution implements the Information Security Management System and conducts works on information security and data security in a way that meets legal requirements as well.
Your personal data can be shared directly/indirectly with our domestic/foreign affiliates, institutions and organizations we cooperate with to conduct our activities, domestic/foreign persons and institutions from which we receive cloud storage services, domestic/foreign organizations we have contracted with for sending commercial electronic messages, Interbank Card Center (BKM) and banks we have an agreement with. In order to provide better service to you and improve customer satisfaction, it can also be shared with various public relations, advertising companies, market research institutions, survey companies, and domestic/foreign other third parties and our relevant business partners.
3. Method and Legal Grounds for Collection of Personal Data
Personal data, obtained from our customers through the www.gumus-grup.com website, physical stores, and mobile applications, is processed by Silverline Ev Gereçleri Sat. Paz. A.S. based on the consent of our customers and in accordance with statutory provisions. Personal data collected for the legal reasons mentioned above can be processed and transferred according to the 5th and 6th articles of the Law and as specified in this Disclosure Obligation and Consent Text.
4. Our Obligations Regarding Data Security
Data Controller
- Prevent unlawful processing of personal data,
- Prevent unauthorized access to personal data,
- Ensure the protection of personal data, by taking all necessary technical and administrative measures to ensure an adequate level of security.
- If the data controller processes personal data on their behalf by another natural or legal person, they are jointly liable with such persons to take the measures specified in the first subparagraph.
- The data controller must conduct or arrange necessary audits within its organization to ensure compliance with the provisions of this Law.
- Data controllers and data processors cannot disclose personal data they learn to others contrary to the provisions of this Law and cannot use them for purposes other than processing. This obligation continues even after they leave their position.
- In case personal data is acquired by others through unlawful means, the data controller must notify the concerned person and the Board as soon as possible. If necessary, the Board may announce this situation on its own website or through another method it deems appropriate.
5. Rights of Data Subjects including Customers, Stakeholders, and Suppliers
Pursuant to Article 11 of Law No. 6698, data subjects have the right to:
- Learn whether personal data concerning them is being processed,
- Request information if their personal data has been processed,
- Understand the purpose of the data processing and whether this data is used in accordance with its purpose,
- Know the third parties in the country or abroad to whom personal data is transferred,
- Request rectification in case personal data is processed incompletely or inaccurately and to request that third parties to whom personal data has been transferred be informed about the operations carried out in this scope,
- Request deletion or destruction of personal data when the reasons requiring its processing cease to exist, and to request that third parties to whom personal data has been transferred be informed about the operations carried out in this scope,
- Object to any conclusion against the person himself/herself, by means of the exclusive analysis of the processed data through automatic systems,
Demand compensation for damages in case they incur damages due to unlawful processing of personal data.
Scope of Law No. 6698 on Communication: Requests related to the exercise of the aforementioned rights can be conveyed by personal data subjects through the methods specified in the regulations on the Processing and Protection of Personal Data within the scope of Law No. 6698, available at https://www.silverline.com provided by Silverline Ev Gereçleri Sat. Paz. A.S. Silverline Ev Gereçleri Sat. Paz. A.S. will evaluate these requests and conclude them within 30 days. Silverline Ev Gereçleri Sat. Paz. A.S. reserves the right to charge a fee based on the tariff (if any) determined by the Personal Data Protection Board for the requests. You can make your requests related to the law via the email address kverilerim@silverline.com.tr.
Regarding the Exercise of the Right to Refuse and Cancel: For any questions or opinions related to the use of personal data within the scope of the law, you can reach us at kverilerim@silverline.com.tr. With the explanations made above, we have informed you and fulfilled our obligation to enlighten. If our explanations did not satisfy you, you can opt-out of the membership. To do this, you can use the "I want to cancel my membership" option from the "My Account" section.