Personal Data Protection and Processing Policy
Dear Customers, Members, Business Partners, Suppliers and Visitors; As Nefelistore ("Nefelistore" or "Company"), we attach great importance to the protection of your personal data. In this context, we would like to inform you about your personal data and processing processes as the "data controller" in accordance with the Personal Data Protection Law No. 6698 ("KVKK").
With this policy, the sustainability of the Company's "principle of conducting company activities in transparency" is aimed. In this context, the basic principles adopted in terms of compliance of the Company's data processing activities with the regulations in the Personal Data Protection Law No. 6698 ("KVK Law") are determined and the practices fulfilled by the Company are explained.
The Policy is intended for natural persons whose personal data are processed by the Company through automatic or non-automatic means, provided that they are part of any data recording system.
The Policy has been published by the Company on its website and made available to the public. In case of any conflict between the legislation in force, especially the Law, and the regulations in this Policy, the provisions of the legislation shall apply.
The Company reserves the right to make changes to the Policy in parallel with legal regulations.
WHICH PERSONAL DATA DO WE PROCESS?
The following personal data may be processed depending on the exchange of goods/services between you and Nefelistore, the conclusion of a membership agreement, your visits to our workplaces or your entering into a legal or commercial relationship in any other way.
a. Identity Information: Name-Surname, Turkish ID number, date of birth, gender information.
b. Contact Information: Your contact information consisting of your address, telephone number, e-mail address.
c. Audio and Visual Information: Data relating to the images of the persons in the camera recordings made for security purposes in Nefelistore physical environments and the voices of the persons recorded in the call centre calls.
d. Purchased Product and Payment Information: Information about the products purchased within the scope of purchases made from the Nefelistore website or stores.
e. Shopping Habits: Data regarding the results of the results of the person's tastes, likes and preferences obtained through cookies on the Nefelistore websites
f. Contract Information: This refers to all of the data such as signatures, signature circulars, real person company information and transported goods that Nefelistore has entered into the database as a result of the contractual bond established with its business partners, suppliers and outsourcers with whom Nefelistore has a legal or commercial relationship.
CATEGORIES OF RELEVANT PERSONS
|
DEFINITION
|
1
|
Costumer
|
Natural or legal persons who benefit from the services provided by Nefelistore.
|
2
|
Potantial Costumer
|
Refers to natural or legal persons who show interest in using the services offered by Nefelistore, who have the potential to become customers, who express their will to benefit from the services through the website or other channels, and who request an offer.
|
3
|
Visitor
|
It refers to all workplaces belonging to the Company and real persons who visit the website.
|
4
|
Third Parties
|
The above-mentioned categories of Relevant Persons refer to natural persons except Nefelistore employees.
|
5
|
Business partners/suppliers and their employees
|
Parties with whom Nefelistore has established a business partnership for purposes such as the conduct of its business activities or who provide goods or services to the Company in accordance with Nefelistore's instructions and on a contractual basis, and the employees of such parties.
|
HOW AND ON WHAT LEGAL GROUNDS DO WE COLLECT YOUR PERSONAL DATA?
In physical environment;
Your personal data is collected directly from you within the scope of your shopping at Nefelistore's stores, the forms you fill out in stores and events, your store visits, and the contracts you sign.
Electronic Media;
Your personal data is collected directly from you electronically through your shopping on Nefelistore's website, membership forms you fill out, requests and complaints you share on the website, by phone or e-mail, our call centre, and your posts on our social media accounts.
Your personal data collected from both environments are recorded in the Nefelistore database and may be processed by automatic and/or non-automatic means.
Within the scope of the commercial and/or contractual relationship between you and Nefelistore (product or service shopping, membership agreement, workplace visits), within the framework of the purposes stated below and in accordance with Article 5 of Law No. 6698; the establishment and execution of the contract, the fulfilment of legal obligations and our legitimate interests, provided that we observe your rights and do not harm you. During your visits to our workplaces, your identity information and your image with the security camera are recorded for security reasons and processed limited to this operation.
In cases where you do not receive goods or services from Nefelistore and no legal or commercial relationship is established between us, we may process your personal data mentioned above based on your EXPRESS CONSENT in accordance with Article 5, Paragraph 1 of the Law. Your explicit consent can be obtained by submitting the PASSWORD produced for you to Nefelistore personnel in return for your wet signature with printed forms in our store or if you find the clarification text sent to you via SMS appropriate, or by ticking the permission / approval boxes in the membership and shopping areas on the website and pressing the "send" button. Permissions can be revoked at any time.
PURPOSES OF PROCESSING YOUR PERSONAL DATA
Your Personal Data is processed for the purposes set out below:
For Customers:
- Execution of Goods / Service Procurement Processes
- Execution of Goods / Service Sales Processes
- Execution of Customer Relationship Management Processes
- Execution of Activities for Customer Satisfaction
- Ensuring Physical Space Security
- To carry out transactions and activities within the scope of commercial / contractual relationship and to fulfill financial and legal obligations
- Tracking Requests / Complaints
- Fulfillment of legal obligations
- Execution of legal processes
- Promotion and marketing activities
- Sending commercial electronic messages
- Establishment of membership agreements
- Information Security
For Potential Customers:
Your identity and contact information obtained directly from you through your visits to our website and stores, the forms you fill out, your e-bulletin subscription, your posts on our social media accounts, your requests and complaints you send to our call center; Within the framework of the goal of informing you about the products and services of our company and offering you some special products, it is processed for marketing purposes, based on your explicit consent. If there is a request or complaint that you have submitted to Nefelistora, your identity and contact information is processed for a limited period of time in accordance with Article 5/2 of the law in order to manage this request and complaint.
For Suppliers/Business Partners:
Within the scope of the commercial relationship between you and our company, personal data belonging to your company officials and employees can be processed in accordance with the basic principles stipulated in the Law within the scope of the establishment and execution of our contracts, fulfillment of legal obligations and legitimate interests of our company and within the scope of the following purposes within the scope of personal data processing conditions, specified in Article 5 of the Law
- Execution of Activities in Compliance with the Legislation
- Execution of contract processes
- Execution of Finance and Accounting Affairs
- Execution and follow-up of legal processes
- Execution of Company Internal Operations
- Strategy planning & partner/supplier management
- Ensuring physical space security
- Execution of Logistics Activities
- Managing Supply Chain Management Processes
- Preservation of your information that must be kept in accordance with the relevant legislation; copying and backing up to prevent information loss; ensuring the consistency of your information; taking the necessary technical and administrative measures for the security of our databases and your information
For Visitors:
Within the scope of your visits to our company, our website and other workplaces, in addition to ensuring the security of our company and you, depending on the fulfillment of our legal obligations and our legitimate interests, your identity and visual data through security cameras and visitor logbooks in physical environments, your identity and communication data obtained within the scope of internet access provided to you during your visit to our workplace are processed for the following purposes.
- Execution of Audit and Security Activities
- Execution of Information Security Processes
- Creating and Tracking Visitor Records
- Ensuring Physical Space Security
- Providing Information to Authorized Persons, Institutions and Organizations
- Ensuring the Security of Data Controller Operations
- Providing Internet Access and Ensuring Access Security
PARTIES TO WHOM YOUR PERSONAL DATA ARE TRANSFERRED AND THE PURPOSES OF TRANSFER;
Nefelistore may transfer your personal data to the following domestic recipient groups within the scope of the Law and other legislation for the purposes set out in this Policy:
- Our suppliers and business partners that we work with to provide or deliver the services offered to you,
- Our business partners, supplier companies and banks, financial institutions that cooperate and/or receive services for the provision and promotion of services and similar purposes,
- The advertising agencies we use for the management of our website and social media accounts,
- Lawyers, auditors, consultants and service providers,
- To your attorneys, guardians and representatives authorized by you,
- To institutions or organizations authorized to request your personal data, such as regulatory and supervisory institutions, courts and enforcement offices, and persons designated by them,
- Nefelistore, a group company using the same database
COMMERCIAL ELECTRONIC COMMUNICATION
Nefelistore may also process identity and contact data in order to send electronic commercial messages (SMS, E-MAIL, etc.) to data subjects for commercial purposes such as advertisements, campaign announcements, promotions, etc. by using their contact data. Nefelistore obtains electronic communication permission from the relevant persons for this activity and carries out the said activity within the scope of this permission.
YOUR RIGHTS AS A PERSONAL DATA OWNER LISTED IN ARTICLE 11 OF THE LAW:
- Learn whether your Personal Data is being processed,
- Request information if your Personal Data has been processed,
- To learn the purpose of processing Personal Data and whether they are used in accordance with their purpose,
- To know the third parties to whom your Personal Data is transferred domestically or abroad,
- To request correction of your Personal Data if it is incomplete or incorrectly processed,
- To request the deletion or destruction of your Personal Data within the framework of the conditions stipulated in the KVKK legislation1,
- 5. and 6. to request notification of the transactions made within the scope of Articles 5 and 6 to third parties to whom your Personal Data has been transferred,
- To object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems,
- In case you suffer damage due to unlawful processing of Personal Data, to demand the compensation of this damage you have rights.
ENSURING THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
In order to prevent unlawful disclosure, access, transfer or other security deficiencies that may occur in other ways, all necessary measures are taken by the Company, within the possibilities, according to the nature of the data to be protected.
In this context, all necessary administrative and technical measures are taken by the Company, an audit system is established within the company and in case of unlawful disclosure of personal data, the measures stipulated in the KVK Law are acted in accordance with.
DESTRUCTION OF PERSONAL DATA
Pursuant to Article 7 of the Law, although it has been processed in accordance with the law, in the event that the reasons requiring its processing disappear, the Company deletes, destroys or anonymizes the personal data ex officio or upon the request of the Data Subject, in accordance with the Data Protection and Destruction Policy specially prepared for this business, the legislation and the guide published by the Authority.
Nefelistore has prepared and internally published a DESTRUCTION POLICY that sets out the procedures for the destruction of personal data. All destruction processes are carried out in accordance with this policy. At the same time, Nefelistore's personal data inventory clearly defines the destruction periods for each process and type of personal data. The periodic 6-monthly data destruction process is based on the storage periods specified in the inventory.
ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA
In accordance with Article 12 of the KVK Law, Nefelistore takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of personal data, unlawful access to data and to ensure the preservation of data, and conducts or has the necessary audits carried out within this scope.
Nefelistore takes technical and administrative measures to ensure that personal data is processed in accordance with the law, according to technological possibilities and implementation costs.
TECHNICAL MEASURES
The main technical measures taken by Nefelistore to ensure the lawful processing of personal data are listed below:
- The personal data processing activities carried out within Nefelistore are monitored through technical systems.
- The technical measures taken are periodically reported to the relevant person as required by the internal audit mechanism.
- Departments have been established for technical issues and knowledgeable personnel are employed.
- New technological developments are followed and technical measures are taken on the systems, especially in the field of cyber security, and the measures taken are periodically updated and renewed.
- Access and authorization technical solutions are implemented within the framework of legal compliance requirements determined for each department within Nefelistore.
- Access authorizations are restricted and regularly reviewed. Access restrictions are applied to former employees and accounts are closed.
- Technical measures taken in accordance with Nefelistore's internal operations are reported to the relevant users, and any issues that pose a risk are re-evaluated and necessary technological solutions are developed.
- Software and hardware including virus protection systems, data vulnerability security and firewalls are installed.
- All information systems, including applications where personal data is collected, are regularly subjected to external impact testing to identify security vulnerabilities and the vulnerabilities found according to the results of this test are closed.
ADMINISTRATIVE MEASURES:
Administrative measures taken by Nefelistore for the lawful processing of personal data:
- Nefelistore employees, dealers and authorized service providers are informed and trained on the law on the protection of personal data and the lawful processing of personal data.
- All personal data processing activities carried out by Nefelistore are carried out in accordance with the personal data inventory and its annexes, which are created by analyzing all business units in detail.
- The personal data processing activities carried out by the relevant departments within Nefelistore; the obligations to be fulfilled in order to ensure that these activities comply with the personal data processing conditions required by the KVKK have been linked to written policies and procedures by Nefelistore, and each business unit has been informed about this issue and the issues to be considered specific to the activity it carries out have been determined.
- The Information Security Committees organize the supervision and management of Nefelistore's departments regarding personal data security. Awareness is raised to ensure that the legal requirements determined on a business unit basis are met, and the necessary administrative measures are implemented through internal policies, procedures and trainings to ensure the supervision of these issues and the continuity of implementation.
In the event that data subjects (Data Subjects) submit their requests regarding their personal data to our Company in writing, the Company, as the data controller, carries out the necessary processes to ensure that the request is finalized as soon as possible and within thirty (30) days at the latest, depending on the nature of the request, in accordance with Article 13 of the KVK Law.
Within the scope of ensuring data security, the Company may request information to determine whether the applicant is the owner of the personal data subject to the application. Our Company may also ask questions about the application in order to ensure that the application of the Data Subject is finalized in accordance with the request.
In cases where the application of the data subject is likely to hinder the rights and freedoms of other persons, requires disproportionate effort, or the information is publicly available, Nefelistore may reject the request by explaining the reason.
Cookie Policy
Nefelistore ("Nefelistore" or the "Company") uses cookies, pixel tags ("pixels") and local storage technologies to facilitate and personalize the use of our website www.nefelistore.com. We want this page to help you understand why these technologies are used and how to control or, if you prefer, delete them.
What is a Cookie?
Almost all companies that offer products or services to their customers through their websites use cookies on these websites. We also use cookies to provide you with a better, faster and safer shopping experience and to improve our products and services in line with your demands and needs. A cookie is a small text file that is stored on your device (e.g. computer or mobile phone) when you visit a website. Cookies can be stored on your device through your browser during your first visit to a website. When you visit the same website again with the same device, your browser checks whether there is a cookie stored on your device on behalf of the website. If there is a record, it transmits the data in the record to the website you are visiting. In this way, the website understands that you have visited the site before and determines the content to be delivered to you accordingly.
Controlling and Deleting Cookies:
While many browsers allow the use of cookies, users can refuse or delete cookies at any time by changing their browser settings. You can remove persistent cookies and reject both session cookies and persistent cookies by following the instructions provided in the "help" file of your internet browser or by visiting "www.allaboutcookies.org" or "www.youronlinechoices.eu". However, the method of changing the settings varies depending on the browser used and how to disable cookies should be learned from the service provider of the browser used. In case cookies are disabled, you may continue to use the website, but you may not be able to access all functions of the website or you may not be able to benefit from some features of our Company's website, applications, platforms and services as your access may be limited.
Category 1: Mandatory Cookies:
These cookies are important for your navigation of the website, for providing access to secure areas of the website and for the assertion of permissions. Without these cookies, the services you have requested, such as the shopping cart or payment page on our website, cannot be provided.
ÇEREZ
|
ÇEREZ’İN TANIMI
|
frontend
|
Kullanıcının daha önce oturum açmış kullanıcı olarak tanımlanabilmesini sağlayan rastgele bir bilgi depolanması ve "Son görüntülenen öğeler" veya giriş yapma durumunda kalma gibi işlevler bu çerezle bağlantılıdır. 1 gün saklanır.
|
Frontend_cid
|
Aynı İşlevdedir.
|
Category 2: 'Statistics and Performance' Cookies:
These cookies collect information about how our visitors use the website. For example, they let us know which pages visitors go to most often and whether they receive error messages from web pages. These cookies do not collect information that identifies a visitor but collect information anonymously.
ÇEREZ
|
ÇEREZ’İN TANIMI
|
_ga
|
Google Universal Analytics ile ilişkisi olan bir çerezdir. Bu çerez, istemci tanımlayıcısı olarak rastgele oluşturulmuş bir numara atayarak benzersiz kullanıcıları ayırmak için kullanılır. Sitelerin analiz raporları için ziyaretçi, oturum ve kampanya verilerini hesaplamak için kullanılır.
|
_gat
|
Google Universal Analytics ile ilişkilidir - yüksek trafik alanlarındaki verilerin toplanmasını sınırlar
|
_gid
|
24 saatlik bir kullanıcı analitiği depolaması yapmaktadır.
|
_utm.gif
|
Ziyaretçinin tarayıcısı ve bilgisayarı hakkındaki ayrıntıları kaydeden Google Analytics İzleme Kodudur.Oturum boyunca saklanır.
|
_utmb
|
Bir web sitesi ziyaretinin süresini hesaplamak için, kullanıcının web sitesinden ne zaman ayrıldığının tam zamanı ile bir zaman damgası kaydeder. Google Analytics tarafından kullanılır. 1 gün saklanır
|
_utmz
|
Kullanıcının nereden geldiği, hangi arama motorunun kullanıldığı, hangi linke tıklandığı ile ilgili verileri toplar. Google Analytics tarafından kullanılır. 6 ay saklanır
|
Category 3: Targeting / Advertising Cookies:
These cookies are used to measure the effectiveness of advertising campaigns and the number of advertisements in accordance with your interests. They are usually placed by advertising networks with the permission of the website operator. They remember the websites you visit and share this information with other organizations such as 3rd party advertisers. Very often these cookies link to other websites with other advertisements for targeting purposes. These cookies are not used by Nefelistore as a first party operator, but targeting is done based on the permissions previously given by users through various channels.
_fbp , tr, fr
|
Facebook tarafından üçüncü taraflardan gelen gerçek zamanlı teklifler gibi bir dizi reklam ürünü sunmak için kullanılır. 3 ay saklanır
|
IDE
|
Bir reklamın etkinliğini ölçmek ve hedeflenmiş reklamları kullanıcıya sunmak amacıyla, Double click tarafından web sitesi kullanıcısının görüntüledikleri veya tıkladıkları reklamlarla ilgili işlemleri rapor etmek için kullanılır 1 yıl saklanır.
|
SetrowIDV2
|
İstatistiksel ve analiz amaçlı yerleştirilmektedir. Kullanıcıların web sitesi üzerindeki davranışları bu materyal aracılığı ile takip edilebilmektedir ve bu veriyle ilişkili olarak senaryolar çalıştırılmaktadır. En fazla 1 yıl saklanır.
|
strw-817-vt.
|
Siteye gelen kullanıcının ilk ziyaret tarihinin kaydının tutulduğu çerezdir. Bu cookie ile kişiyi new visitor, returning visitor olarak işaretleyip bu veriye göre banner, pop-up çalıştırılmaktadır. En fazla 1 yıl saklanır.
|
strw-817-ttt
|
Kullanıcının siteye geldiği ilk tarihten itibaren, sitede kaldığı süreyi saniye cinsinden tutan çerezdir. En fazla 1 yıl saklanır.
|
strw-817-tpvc
|
Kullanıcının siteye geldiği ilk tarihten itibaren, gezdiği sayfa sayısını tutan çerezdir. En fazla 1 yıl saklanır.
|
strw-817-stt
|
Kullanıcının oturum boyunca sitede kaldığı süreyi saniye cinsinden tutan cookie, bu cookie kullanıcı tarayıcıyı kapattığında otomatik olarak silinmektedir.
|
strw-817-spvc
|
Kullanıcının oturum boyunca gezdiği sayfa sayısını saklar, bu cookie kullanıcı tarayıcıyı kapattığında otomatik olarak silinmektedir.
|
strw-817-ptt
|
Kullanıcının bulunduğu sayfada kaldığı süreyi saniye cinsinden saklayan cookiedir.Oturum boyunca saklanır
|
ENFORCEMENT OF THE POLICY
This Policy issued by Nefelistore was put into effect on 0-05-2018. This Policy is published on Nefelistore's website (www.nefelistore.com) and made available to the data subjects upon their request.
Nefelistore (Data Controller)
Address: ---
Mersis No: ---
Web Address: www.nefelistore.com
Telephone: ---