VETRIS ATELIER · İSTANBULEST. 2022
Vetris Atelier

Protection of Personal Data

General Information About the Law

Law No. 6698 on the Protection of Personal Data (hereinafter referred to as the "PDPL") was adopted on 24 March 2016 and published in the Official Gazette No. 29677 dated 7 April 2016. Part of the PDPL entered into force on the date of publication, and part on 7 October 2016.

Information in Our Capacity as Data Controller

VETRIS (Neslihan Uğurlu Uğurlu Ticaret — the "Company") acts in the capacity of data controller under the PDPL. Your personal data will be recorded, stored, updated, disclosed/transferred to third parties where permitted by law, classified, and processed in the ways set out in the PDPL, within the framework explained on this page. For any questions or requests, you can reach us at [email protected].

How Your Personal Data Is Processed

Under the PDPL, the personal data you share with our Company may be processed by being obtained, recorded, stored, modified, and reorganised — in short, subjected to any kind of operation performed on data — whether wholly or partly by automated means or by non-automated means provided that it forms part of a data recording system. Under the PDPL, any operation performed on data is regarded as the "processing of personal data".

Purposes and Legal Grounds of Processing

The personal data you share is processed for the following purposes and on the basis of the legal grounds set out in Articles 5 and 6 of the PDPL:

  • To fulfil the requirements of the services we provide to our customers in accordance with the contract and the requirements of technology, and to improve our products and services;
  • To determine and record the identity, address, and other necessary information of the transacting party within the scope of Law No. 6563 on the Regulation of Electronic Commerce, Law No. 6502 on Consumer Protection, the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce based thereon (Official Gazette 26.08.2015/29457), the Distance Contracts Regulation (Official Gazette 27.11.2014/29188), and other relevant legislation;
  • To prepare all records and documents that will form the basis of transactions, in electronic or paper form, for the payment systems that are mandatory in the field of banking and electronic payment; and to comply with the data retention, reporting, and notification obligations prescribed by legislation and other authorities;
  • To be able to provide information to public prosecutors, courts, and relevant public officials — upon request and as required by legislation — in matters relating to public security and in legal disputes.

Third Parties and Organisations to Which Your Personal Data May Be Transferred

For the purposes stated above, the personal data you share with our Company may be transferred — limited solely to the relevant purpose — to ikas, which provides our e-commerce infrastructure, as well as to persons and organisations related to the services provided, such as suppliers and shipping companies, and to business partners and domestic/international organisations from whom we receive services to carry out our operations and/or in the capacity of data processor. Beyond this scope, your data is not sold or rented to third parties.

How Your Personal Data Is Collected

Your personal data may be collected through the following channels:

  • Through forms on our Company's website and mobile applications — information such as name, surname, Turkish ID number, address, telephone, and email address; together with membership login preferences, IP records of transactions, cookie data, browsing duration and details, and location data;
  • Through channels such as our sales and marketing units, our suppliers, other sales channels, paper forms, business cards, digital marketing, and the call centre — verbally, in writing, or electronically;
  • Through business cards, CVs, and other means for the purpose of establishing a commercial relationship with our Company, making a job application, or submitting an offer — in physical or virtual environments, face to face or remotely, verbally, in writing, or electronically;
  • Indirectly, through data obtained from the website, blog, surveys, campaigns, and similar (micro) websites and social media, newsletter open/click activity, and publicly available sources.

Transfer of Personal Data Abroad

Your personal data collected by any of the methods listed above — whether processed in Türkiye or processed and stored outside Türkiye — may also be transferred to service intermediaries located in countries that have adequate protection in terms of the protection of personal data, provided that it remains within the scope of the PDPL and is consistent with the purposes of the contract.

Storage and Protection of Personal Data

Your personal data is stored confidentially in the databases and systems held by our Company in accordance with Article 12 of the PDPL; it is not shared with third parties in any way other than for legal obligations and the arrangements set out in this document. Our Company is obliged to take software measures — such as preventing the unlawful processing of data, blocking unauthorised access, and access management — as well as physical security measures. Should it be learned that personal data has been obtained by third parties through unlawful means, the situation is reported immediately and in writing to the Personal Data Protection Board.

Retention Period

Your personal data is retained for the period necessary for the purpose for which it is processed and for the legal retention periods prescribed in the relevant legislation (for example, 10 years for commercial and tax records). Upon expiry of the period, your data is deleted, destroyed, or anonymised.

Keeping Personal Data Up to Date and Accurate

Under Article 4 of the PDPL, our Company has an obligation to keep your personal data accurate and up to date. In this context, in order to fulfil the obligations arising from legislation, our customers are required to share their accurate and current data or to update it via the website/mobile application.

Your Rights Under the PDPL

Under Article 11 of the PDPL, you have the right to: learn whether your personal data is being processed; request information if it has been processed; learn the purpose of processing and whether it is used in accordance with that purpose; know the third parties to whom it is transferred domestically or abroad; request the correction of incompletely or incorrectly processed data; request its deletion or destruction; request that these operations be notified to the third parties to whom the data was transferred; object to a result arising against you as a consequence of analysis carried out exclusively by automated systems; and, should you suffer damage due to unlawful processing, request that the damage be remedied.

Method of Application

You can submit your requests regarding the rights listed above to [email protected]. Depending on their nature, your requests are concluded free of charge as soon as possible and within thirty days at the latest; however, should the process require an additional cost, the fee set out in the tariff determined by the Board may be charged.

Contact

For any questions or requests regarding the protection of your personal data, you can reach our Company at [email protected].