KVKK Policy

KVKK Policy

MARSEA STORE İLAYDA ATAOĞLU takes utmost care to protect privacy and confidentiality and to ensure continuous compliance with the Personal Data Protection Law.

In order to ensure compliance with the Personal Data Protection Law No. 6698 (“ KVKK ”), it adopts the basic principles set forth by the KVKK and fulfills its obligations regarding ensuring data security.

Scope of the Personal Data Processing Policy

This Personal Data Processing Policy provides information to the relevant persons regarding the following issues;

  • The methods and legal reasons for collecting personal data,
  • Which groups of people's personal data are processed,
  • Categories of personal data being processed,
  • In which business processes and for what purposes these personal data are used,
  • Technical and administrative measures taken to ensure the security of personal data,
  • To whom and for what purposes personal data can be transferred,
  • The retention periods of personal data,
  • Legal rights of the relevant persons,
  • How data subjects can change their preferences regarding receiving electronic commercial messages,

Personal Data Collection Methods and Legal Reasons

Marsea Store collects personal data through membership forms, purchase forms and event participation forms on the Marsea Store website in accordance with the personal data processing conditions stipulated in the KVKK and in line with the legal reasons stated in this Personal Data Processing Policy.

Data Categories

Customers

  • Identity Information: Name, surname, date of birth,
  • Contact Information: Email address, phone number
  • Financial Information: Billing information
  • Risk Management Information: IP address, time zone, operating system,
  • Transaction Security Information: Password, country information, city information
  • Marketing Information: Cookie records, targeting information, evaluations showing habits and likes
  • Legal Transaction and Compliance Information: Start and end time of the service provided, type of service used, amount of data transferred, permission for commercial electronic messages given by the relevant person in electronic environment.
  • Marketing Information: E-mails sent based on the commercial electronic message permission given by the relevant person.

Website Visitors

  • Location Information: Country, city
  • Risk Management Information: IP address, session information
  • Marketing Information: Cookie records, targeting information, evaluations showing habits and likes
  • Marketing Information: Marketing e-mail messages sent based on the commercial electronic message permission given by the relevant person.
  • Request/Complaint Management: Records regarding the actions taken during the evaluation or management of complaints and/or requests made by the relevant person regarding the product or service purchased.

In Which Business Processes and For What Purposes Are Personal Data Used?

Customer Personal Data

  • Carrying out membership transactions,
  • Improving the services offered through the Marsea Store website, developing new services and providing information about them,
  • Analyzing the preferences, tastes and needs of existing customers who have consented to commercial electronic messages, and providing special promotions, opportunities and benefits to customers, in order to fulfill distance contracts established with users.
  • Promoting and marketing products and services in line with customer preferences and tastes by conducting remarketing, targeting, profiling and analysis in line with the explicit consent of users,
  • Resolving user problems and complaints,
  • Improving the user experience on the website,
  • Monitoring of accounting and purchasing transactions,
  • Compliance with legal processes and legislation,
  • Responding to requests for information from administrative and judicial authorities,
  • Ensuring information and transaction security and preventing malicious use,
  • Making the necessary arrangements to ensure that the processed data is up-to-date and accurate.

Website Visitors

  • Improving the services offered through the website, developing new services and providing information about them,
  • For visitors who have consented to commercial electronic messages; analyzing their preferences, tastes and needs and providing special promotions, opportunities and benefits to visitors,
  • Promoting and marketing applications, goods/products and services in line with the preferences and tastes of visitors by remarketing, targeting, profiling and analyzing with the explicit consent of visitors,
  • Resolving visitor problems and complaints,
  • Compliance with legal processes and legislation,
  • Responding to requests for information from administrative and judicial authorities,
  • Ensuring information and transaction security and preventing malicious use,
  • Making the necessary arrangements to ensure that the processed data is up-to-date and accurate,
  • Fulfillment of legal obligations

Technical and Administrative Measures Taken to Ensure the Security of Personal Data

Marsea Store undertakes to take all necessary technical and administrative measures and show due care to ensure the security of your personal data.

Marsea Store takes the necessary measures to prevent unauthorized access, improper use, unlawful processing, disclosure, alteration or destruction of personal data. Marsea Store uses generally accepted security technology standards such as firewalls and encryption when processing personal data.

Marsea Store, regarding the prevention of unlawful access to the personal data it processes, the prevention of unlawful processing of these data and the protection of personal data:

  • The website where personal data is collected protects all areas with SSL,
  • Implement access authorizations and restrictions for its employees,
  • It ensures that personal data in paper format is kept in locked cabinets and accessed only by authorized persons.
  • Personal data processed through cookies belonging to third parties from which services are received are deleted from third party systems when the membership is terminated.

Although Marsea Store has taken the necessary information security measures, if personal data is damaged or passed on to unauthorized third parties as a result of attacks on the platforms operated by Marsea Store or the Marsea Store system, Marsea Store immediately notifies the relevant persons and the Personal Data Protection Board and takes the necessary measures.

Transfer of Personal Data

Marsea Store transfers personal data to third parties only for the purposes specified in this Personal Data Processing Policy and in accordance with Articles 8 and 9 of the KVKK.

Personal data collected through website usage preferences and browsing history, distance sales contract execution, membership form and other forms are shared with our business partners located in Turkey/abroad from whom cookie service is received for the purpose of profiling and communicating with the relevant persons in line with their likes and preferences. Personal data transfers made within this scope are carried out through secure environments and channels provided by the relevant third party. Depending on the content and scope of the service received from third parties, masked personal data is used in all cases where the transfer of personal data is not required.

Shopify

Electronic commerce infrastructure service is purchased for the Marsea Store website. Shopify servers are located in the United States. You can access their Privacy Policy here .

Parachute

In order to fulfill our accounting obligations, invoice, collection and pre-accounting services are received. Paraşüt servers are hosted domestically. You can access the Privacy Policy here.

Iyzico

Payment infrastructure service is received for our e-commerce site. Iyzico servers are hosted domestically. You can access Privacy Policies here.

Keyboard

Used to measure usage for our e-commerce site and for email marketing purposes. Klavio servers are hosted in the United States. You can find their Privacy Policy here.

HotJar

It is used to measure in-app usage for our e-commerce site and to improve our services. HotJar servers are hosted in the United States. You can access their Privacy Policy here .

Google Ads

It is an online marketing tool that allows us to display our ads in Google's search results or on partner sites. Google Ads servers are hosted in the United States. Your personal data is not transferred directly and is shared using masking methods. You can access their Privacy Policy here .

Google Analytics

Site performance and analysis technology services are purchased for our e-commerce site. Google Analytics servers are hosted in the United States. Your personal data is not transferred directly and is shared using masking methods. You can access the Privacy Policies here .

Personal data subject to domestic and international transfers, as mentioned above, are legally protected not only by technical measures to ensure their security, but also by the provisions in line with KVKK in our contracts, taking into account whether the other party to the legal relationship is the data controller or the data processor.

When transferring personal information to countries outside of Turkey during the sharing of information as stated above, it is ensured that the data is transferred in accordance with this policy and as permitted by the applicable law on data protection.

Personal Data Storage Periods

Marsea Store stores the personal data it processes in accordance with the KVKK for the periods stipulated in the relevant legislation or required by the purpose of processing. These periods are approximately as follows in our Personal Data Storage and Destruction Policy:

Membership records: 10 years

All records related to accounting and financial transactions: 10 years

Cookies: Maximum 3 years

Traffic information on online visitors: 2 years

CVs: 1 year

Personal data regarding Customer Companies: 10 years after the legal relationship ends

Personal data regarding suppliers: 10 years after the legal relationship ends

Data Subject Rights

The rights of the relevant person regarding personal data processed by Marsea Store, in accordance with Article 11 of the KVKK, are listed below:

  • Learning whether personal data is being processed,
  • To request information regarding the processing of personal data,
  • To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  • To know the third parties to whom personal data is transferred, either domestically or abroad,
  • To request correction of personal data if it is processed incompletely or incorrectly,
  • Request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
  • To request that the operations carried out in accordance with clauses (d) and (e) be notified to third parties to whom personal data has been transferred,
  • To object to a result that is to the detriment of the person himself/herself, as a result of the analysis of the processed data exclusively through automatic systems,
  • To request compensation in case of damages due to unlawful processing of personal data.

In order to exercise your rights over your personal data; you can apply and exercise your rights using the methods specified in the “Application Form” on the Marsea Store website.

Conditions for Destruction of Personal Data

Marsea Store stores the personal data it processes through its website and platform for the periods stipulated by the relevant laws and/or the periods required by the purpose of processing in accordance with Articles 7, 17 of the KVKK and Article 138 of the Turkish Penal Code. In case of expiration of these periods, it will delete, destroy or anonymize them in accordance with the provisions of the Regulation on the Erasure, Destruction or Anonymization of Personal Data.

Deletion of personal data by Marsea Store refers to the process of making personal data inaccessible and non-reusable for the relevant users. Marsea Store implements access authorizations and restrictions at the user level for this purpose. It takes the necessary measures to perform the deletion process in databases.

Anonymization of personal data by Marsea Store means that personal data cannot be associated with an identified or identifiable natural person, even when matched with other data.

Marsea Store explains in detail the methods and technical and administrative measures taken for deletion, destruction and anonymization within the scope of the Personal Data Storage and Destruction Policy prepared in accordance with the Regulation on Deletion, Destruction or Anonymization of Personal Data.

Changes to the Privacy/Personal Data Protection Policy

Marsea Store may make changes to this Personal Data Processing Policy at any time. These changes shall become effective immediately upon publication of the new modified version of the Personal Data Processing Policy. Necessary information will be provided to the relevant persons so that you are informed of the changes to this Personal Data Processing Policy.