Privacy Policy

Protecting the information you share with us during your visits to LOY TEKSTİL TİCARET İTHALAT VE İHRACAT LTD ŞTİ (“THEOFNITE” or “We”) website or mobile applications as a visitor, user, or customer is important to us. Therefore, we have prepared this Privacy Policy (“Policy”) for you.

When you use our website or digital applications as a visitor, user, or customer, your IP address and location are logged, along with the date and time you access the site. This information is used to analyze your use of the portals and our users' needs and is not shared with third parties. The IP information of our website or mobile application visitors is not used to identify them.

Other confidential information, including your personal data, will not be transferred to or shared with third parties outside the purpose and scope determined by this Policy.

We adopt an approach that is fully compliant with internationally accepted privacy protection standards in protecting the privacy of our visitors, users and customers, providing a secure experience in providing information and in the use of personal information.

1. Your personal data you share with us

You share your personal data with us when you use and visit our website or mobile applications by becoming a member or when you subscribe to our electronic newsletters.

1.1. Personal data you provide to us
You share information such as your name, surname, e-mail address, home and mobile phone numbers, home address, credit card information, location information, accounts, profiles and media files on your mobile device with us when you register, contact customer service or use any of our products or services.

1.2. Your personal data that we collect automatically
Data such as the services you use, our ads, your frequency of interaction with us, information and data regarding the devices you use, your frequency of service use, your category preferences, time, call records, the number or date of the calling phone, browser and log information collected through cookies, and your voice recordings during your conversations with our customer service team are automatically collected through our programs and software. For more detailed information about cookies, please review Article 6 of this Policy and our Cookie Policy available on our website.

2. The purposes for which we use your personal data

Sharing your information will enable us to provide you with products and services as needed, to provide more responsive service, and to improve our websites. The data you share with us or that we automatically collect from you is used for purposes including, but not limited to, the following:

· To provide personalized services to our visitors, users and customers and to increase user satisfaction by improving the user experience,
· To communicate with our visitors, users or customers to the extent they allow us to do so, and to inform them about our services and campaigns,
· To monitor the technical functions of the THEOFNITE website and mobile applications and ensure that they operate as required,
· To use for advertising sales purposes so that our visitors, users and customers can continue to benefit from the THEOFNITE website and mobile applications free of charge,
· To send you our publications,
· To send newsletters or notifications via e-mail,
· Answering your questions and providing effective customer service,
· To inform you about our new services,
· Direct marketing through the THEOFNITE website and mobile applications or through collaborators,
· To use in various statistical evaluations, database creation and market research without revealing the identity of our visitors, users or customers,
· Identifying system-related problems and promptly resolving any issues that may arise within the THEOFNITE website or mobile applications,
· To develop and improve our services and increase content and product diversity by analyzing visitor, user or customer experience,
· To communicate with you regarding our services (instant message, e-mail, other online and offline messages/push notifications), to offer you options in line with your preferences and likes, to provide you with technical support in case you encounter technical infrastructure problems, to share with you current developments and product recommendations regarding the products you are following;
· To take technical and legal measures regarding our products and services (for example, to prevent the sharing of illegal content)
· If you use our services from your mobile device or mobile application, you may be asked to share your geographic location information. This way, we can personalize your location information on our own digital platforms or when we collaborate with third parties, and when you share your geographic location information, we can provide you with content or related advertising and services based on your region or country, respond quickly to your needs and offer solutions, manage your account, or;
· It is used for advertising sales purposes to ensure that our visitors, users and customers continue to benefit from THEOFNITE websites and mobile applications free of charge.

2.1. Data you share with us through our website or mobile applications

You may choose to share your information with us through various online channels, such as when you become a member or register through the THEOFNITE website and mobile applications, or by signing up for our electronic newsletter. You can share your personal data with us by contacting one of our customer service representatives via email, phone, or letter. Sometimes, THEOFNITE may obtain your personal information from third parties outside of THEOFNITE. This may include the acquisition of a company of which you are a customer, or the disclosure of your personal information by one of our partner companies, provided that such companies have obtained your express consent.

It is possible to register on the THEOFNITE website through your accounts on social networks such as Facebook, Twitter, and Instagram without entering your name, surname, date of birth, email address, etc. By choosing to register for our services through social networks under this Policy, you authorize us to process, transfer, and store the data sent to us by these social networks. You are advised to check the current list of third parties to whom we transfer your data and to review Article 3 of this Policy.

LOY TEXTILE TRADE IMPORT AND EXPORT LTD.

If you choose to disclose information or personal data to the public (e.g., by commenting, voting, rating, giving advice, and expressing your opinions) and sharing it in a way that other visitors or users can access and see (e.g., your photograph, name, surname, date of birth, nickname), it will be considered disclosed by you and we may use it for statistical, advertising, or promotional purposes without your explicit consent. We have no responsibility in cases where the personal data you disclose is used by third parties or other sites.

2.2. Data you share with us as a visitor through our website or mobile applications

If you visit our website or digital platforms without registering, we may collect information about your digital behavior (such as the number of clicks, the frequency of tab openings, or the topics you're interested in), your IP address, and the devices you use. This information is collected solely for analytical and statistical purposes, without identifying individuals.

3. Sharing of Data

Your personal information may be transferred to THEOFNITE and the real or legal persons it cooperates with, limited to the provision of products and services, and you may be contacted about our product options or opportunities specific to you. THEOFNITE may also use your personal information for statistical purposes and may only use it with the real or legal persons it cooperates with for the purpose of carrying out these studies.
We collect information about your website usage frequency and style through cookie files. You can stop this information sharing by changing your browser settings at any time. For more detailed information, please review Article 6 of this Policy.

3.1. Sharing personal data with collaborating natural or legal persons

THEOFNITE may sell you a product or provide a service in partnership with legal entities or individuals with whom it collaborates. In such cases, THEOFNITE will inform you in advance of the existence of such a partnership and who our partner is, before you register with THEOFNITE through a membership form, electronic newsletter, etc.

THEOFNITE does not sell or share your personal data with other third parties in a way that would allow them to use it for their own purposes.

4. Links to third-party websites or mobile applications provided by our website or mobile applications

We may provide links to third-party websites, portals, or mobile applications on our website or mobile applications. However, we are not responsible for the implementation of the privacy policies of these third-party websites. The privacy policies of websites or mobile applications owned by parties other than THEOFNITE may differ from this Policy. Therefore, you are advised to review the privacy policies and personal data processing policies of these third parties.

5. Protecting the confidentiality of the information you share with us

We recognize our responsibility to protect the information you entrust to us. We take precautions to keep the personal data you share with us confidential, maintain it as a trade secret, and prevent unauthorized disclosure of your data to third parties or the public to maintain the confidentiality of confidential information. For administrative and technical measures we implement, you are encouraged to review the THEOFNITE Personal Data Processing and Protection Policy available on our website.

5.1. Security

As THEOFNITE, we undertake to take the most comprehensive and appropriate preventive security measures by analyzing the current information and data values and risk status to protect your information, including your personal data, in light of current technological developments, including secure databases, servers, firewalls (security software) and encryption of e-mail information, and to notify the personal data owner and the competent administrative authorities as soon as possible in the event that any user's information is stolen, deleted from the system or changed as a result of a cyber attack by third parties.

6. Data Collected via Cookies and Beacon (Location Requested Advertising Application)

Cookies covered by this Policy are valid for websites and mobile platforms operated by THEOFNITE, platforms accessed and used through third party programs or websites.

Cookies are small pieces of data placed on devices (computer, phone, tablet) to ensure the proper functioning of a website, improve user experience, develop and optimize the site, provide more appropriate, interest-based advertising, and provide an interesting and personalized website/application and advertising portfolio for visitors.

Your usage information regarding THEOFNITE websites and mobile applications is obtained through these cookies. Cookies facilitate internet use by storing website status and preferences. Cookies help us obtain statistical information about how many people use THEOFNITE websites and mobile platforms, the purpose for which a person visits THEOFNITE websites and mobile platforms, how many times they visit, and how long they stay on them. They also help us dynamically generate advertising and content from user-specific user pages.

Cookies are not designed to retrieve data or other personal information from memory or email. Most browsers are initially designed to accept cookies, but users can adjust their settings to prevent cookies from being sent or to receive alerts when cookies are being sent. Visitors or users are deemed to have given their explicit consent to the use of cookies unless they change these settings.

We may use technologies such as cookies and beacons and place them on your device. If you do not accept technologies and packages such as cookies, THEOFNITE websites and mobile platforms may not perform the functions you expect, or disruptions may occur.

We may share data collected through cookies with third parties for advertising purposes. For more detailed information, please review our Cookie Policy on our website.

7. Management of Your Information

If you contact us and indicate that you do not want our data to be stored, we undertake to delete, destroy or anonymize data that is not necessary for the operation of our system, that we are not obliged to keep due to legal obligations, or that the periods stipulated by law for storage have expired, under the conditions and methods stipulated in the relevant legislation.

With your support, we will keep your personal information up-to-date and accurate, using the latest technological advancements. You can request information about your rights under the Personal Data Protection Law, including information about what personal data we hold about you in our databases, by sending an email to the email address provided in the Personal Data Processing and Protection Policy on our website.

8. Blocking of electronic messages

You can opt out of receiving email or instant messaging services we send you for marketing or advertising purposes at any time, using the methods provided in the messages. In this case, your personal data in our databases will be deleted, destroyed, or anonymized, unless otherwise stipulated by law. For detailed information about these processes, please review the Personal Data Processing and Protection Policy available on our website.

9. Children

At THEOFNITE, all of our departments, including the individuals and legal entities we collaborate with, are aware of the sensitivity of your children's personal data and take the utmost care to protect it. Sharing your child's personal data with us is the responsibility of the parent or legal representative. You can contact us via email to discuss your child's personal data, including personal data shared without the parent's/legal representative's consent.

We do not knowingly process data from users under the age of 18, and we recommend that parents take an active role in supervising their children's online activities.

10. Changes to our Policy

Our policy is published at www.theofnite.co for easy access and information of our customers. THEOFNITE may unilaterally change its other policies, including this Policy, without prior notice to its users, subscribers or visitors.

Our policies are effective from the date they are published on www.theofnite.co. Therefore, we recommend that you follow the Policy updates.

11. Applicable Law, Competent Courts and Enforcement Offices

This Privacy Policy is subject to the laws of the Republic of Türkiye. Istanbul Çağlayan Courts and Enforcement Offices have jurisdiction to resolve any disputes that may arise from the implementation of this Privacy Policy.

12. Contact Permission

By accepting this Privacy Policy, you consent to the collection, storage, processing, use and transfer of your personal data, which you have consented to be shared with us, to third parties with whom THEOFNITE has a contractual relationship, for the purpose of providing and offering you various advantages and sending you special promotions, advertisements, sales, marketing, surveys and all kinds of electronic communications for similar purposes via telephone, short message (SMS), electronic mail and similar means, and sending other communication messages.

PROTECTION AND PROCESSING OF PERSONAL DATA

POLICY
LOY TEXTILE TRADE IMPORT AND EXPORT LTD.
(“THEOFNITE”)
2023

1. PURPOSE

As LOY TEKSTİL TİCARET İTHALAT VE İHRACAT LTD ŞTİ, our priority is to process the personal data of real persons, including our customers, consumers, suppliers and employees, in accordance with the Constitution of the Republic of Turkey and the international agreements on human rights to which our country is a party, as well as the relevant legislation, particularly the Personal Data Protection Law No. 6698 ("KVKK"), and to ensure that the data subjects whose data are processed can effectively exercise their rights.

For this reason, as THEOFNITE, we process, store and transfer all personal data regarding our employees, visitors, business contacts, business partners, customers, suppliers, consumers, users visiting our website, in short, all the personal data we obtain during our activities, including but not limited to the ones listed above, in accordance with the Personal Data Protection and Processing Policy (“Policy”).

The protection of personal data and the protection of the fundamental rights and freedoms of individuals whose personal data is collected are fundamental principles of our personal data processing policy. Therefore, in all our activities involving personal data, we maintain the protection of privacy, confidentiality of communication, freedom of thought and belief, and the right to effective legal remedies.

To protect personal data, we take all administrative and technical protection measures required by the nature of the relevant data in accordance with legislation and current technology.

This Policy explains the methods we follow for processing, storing, transferring and deleting or anonymizing personal data shared during our commercial or social responsibility and similar activities, within the framework of the principles referred to in the KVKK.

2. SCOPE

All personal data processed by the Company, including our customers, consumers, business contacts, business partners, employees, suppliers, potential customers, and third parties, are within the scope of this Policy.

Our policy is implemented in all activities related to the processing of personal data owned or managed by the Company, and has been prepared in accordance with the KVKK and other relevant legislation on personal data, as well as international standards in this field.

3. DEFINITIONS AND ABBREVIATIONS

In this section, special terms and expressions, concepts, abbreviations, etc. used in the Policy are briefly explained.

3.1. Company: [*] (THEOFNITE)

3.2. Explicit Consent: Approval given on a specific subject, based on information and free will, with clarity that leaves no room for hesitation, and limited only to that transaction.
3.3. Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even when matched with other data.
3.4. Employee: Company Personnel.
3.5. Personal Data Owner (Relevant Person): The natural person whose personal data is processed.
3.6. Personal Data: Any information relating to an identified or identifiable natural person.
3.7. Special Personal Data: Data regarding individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
3.8. Processing of Personal Data: Any operation performed on data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, either fully or partially by automatic means or non-automatic means provided that it is part of any data recording system.
3.9. Data Processor: Natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
3.10. Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
3.11. KVK Board: Personal Data Protection Board.
3.12. KVK Authority: Personal Data Protection Authority.
3.13. KVKK: Personal Data Protection Law published in the Official Gazette dated April 7, 2016 and numbered 29677.
3.14. Policy: THEOFNITE Personal Data Protection and Processing Policy.

4. ROLES AND RESPONSIBILITIES

E-Commerce Manager: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. The natural or legal person who processes personal data.
E-Commerce Expert: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.

5. LEGAL LIABILITIES

As a data controller, our legal obligations regarding the protection and processing of personal data in accordance with the KVKK are listed below:
5.1. Our obligation to inform
While collecting personal data as the Data Controller, we have the obligation to inform the Data Subject about:

➢ The purpose for which your personal data will be processed,
➢ Our identity, and information regarding the identity of our representative, if any,
➢ To whom and for what purpose your processed personal data may be transferred,
➢ Our method of collecting data and its legal basis,
➢ The rights arising from the law.

As a company, we take care to ensure that this Policy, which is open to the public, is clear, understandable and easily accessible.

5.2. Our obligation to ensure data security
As the Data Controller, we take administrative and technical measures stipulated in the legislation to ensure the security of personal data in our possession. Our obligations and measures regarding data security are detailed in Sections 9 and 10 of this Policy.

6. CLASSIFICATION OF PERSONAL DATA
6.1. Personal data
Personal data is any information relating to an identified or identifiable natural person.

Personal data protection applies only to natural persons. Information belonging to legal entities that does not contain information about a natural person is excluded from personal data protection. Therefore, this Policy does not apply to data belonging to legal entities.

6.2. Special personal data
Data regarding individuals' race, ethnic origin, political views, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions, security measures, as well as biometric and genetic data are special personal data.

7. PROCESSING OF PERSONAL DATA
7.1. Our principles for processing personal data
We process personal data in accordance with the principles set out below.
7.1.1. Processing in accordance with law and principles of integrity
We process personal data in accordance with the rules of integrity, transparency and within the framework of our obligation to inform.
7.1.2. Ensuring that personal data is accurate and up-to-date when necessary
We take the necessary measures in our data processing procedures to ensure that the processed data is accurate and up-to-date. We also provide Personal Data Owners with the opportunity to contact us to update their data and correct any errors in their processed data.
7.1.3. Processing for specified, explicit and legitimate purposes
As a company, we process personal data for our legitimate purposes, the scope and content of which are clearly defined, to carry out our activities within the framework of legislation and the ordinary course of business life.
7.1.4. Personal data must be relevant, limited and proportionate to the purpose for which they are processed.
We process personal data in a limited and proportionate manner, in connection with the purpose we have clearly and precisely determined.
We avoid processing personal data that is not relevant or does not need to be processed. Therefore, we do not process special personal data unless legally required to do so, or when we do, we obtain explicit consent.
7.1.5. Storage of personal data for the duration prescribed by legal regulations and for our legitimate commercial interests.
Many regulations in the legislation require personal data to be stored for a certain period of time. Therefore, we retain the personal data we process for the period stipulated in the relevant legislation or as long as necessary to meet the purposes for which the personal data is processed.
We delete, destroy, or anonymize personal data when the retention period stipulated in the legislation expires or when the processing purpose ceases. Our principles and procedures regarding retention periods are detailed in Article 9.1 of this Policy.
7.2. Our purposes for processing personal data
As a company, we process personal data for purposes similar to, but not limited to, the following:
➢ Carrying out our activities,
➢ Providing support services to customers within the scope of the contract and service standards,
➢ Determining the preferences and needs of our customers and shaping, personalizing and updating the services to be provided to our customers within this scope,
➢ To ensure the fulfillment of our legal obligations as required or mandated by legal regulations,
➢ Ability to conduct market research and statistical studies,
➢ Surveys, competitions, promotions and sponsorships,
➢ Organizing events,
➢ Evaluating job applications,
➢ To contact people who have business relations with the company,
➢ Marketing,
➢ Compliance management,
➢ Vendor / supplier management,
➢ Advertising,
➢ Legal reporting,
➢ Billing.

7.3. Processing of special personal data

Special personal data is processed by us by taking the administrative and technical measures prescribed by law and the Personal Data Protection Board, and if there is explicit consent, or in cases where it is mandatory under the legislation.
Sensitive personal data related to health and sexual life may be processed by persons or authorized institutions and organizations under a confidentiality obligation for the purposes of protecting public health, providing preventive medicine, medical diagnosis, treatment and care services, and planning and managing healthcare services and their financing. Therefore, we do not process personal data other than that of our employees. Such data belonging to our employees may be processed by persons stipulated by law.

7.4. Processing of personal data within the scope of other memberships

If you become a member of our website or one of the programs we offer for purposes such as becoming a member of our programs, benefiting from our campaigns, being informed about the advantages we offer, etc., we collect your personal data through membership forms, process and transfer the personal data you share.

7.5. Processing of personal data collected through cookies on our website

We use cookies to improve how our website functions and how you use it, and to make your time on our website more productive and enjoyable. Additionally, we use some cookies to remember your preferences on our website, providing you with an enhanced and personalized experience.

We may collect your personal data through cookies on our website, process, transfer and store the data we collect.

If you do not want your personal data to be collected and processed through cookies, you can reject cookies on our website. Please note that if you reject cookies, our website may not function properly and may cause disruptions in the display or delivery of goods and services.

You can review our "Cookie Policy" for detailed information about the cookies we use on our website.

7.6. Exceptional cases where explicit consent is not required for the processing of personal data

We may process personal data without explicit consent in the exceptional cases listed below and arising from the law:

➢ It is clearly provided for in the laws;
➢ It is necessary to process personal data of the parties to a contract, provided that it is directly related to the establishment or performance of a contract;
➢ Data processing is necessary for the establishment, exercise or protection of a right;
➢ It is mandatory for us to process your data for our legitimate interests as the data controller, provided that it does not harm fundamental rights and freedoms.

Exceptional cases where special personal data may be processed without the explicit consent of the Data Subject are specified in Article 7.3 of this Policy.

8. TRANSFER OF PERSONAL DATA

8.1. Transfer of personal data within the country

As a company, we act in accordance with the decisions and regulations stipulated in the KVKK and taken by the KVK Board regarding the transfer of personal data.

Save for the exceptional cases specified in the legislation, personal data and special data will not be transferred to other natural persons or legal entities without the express consent of the Data Subject.

In exceptional cases stipulated by the KVKK and other legislation, data may be transferred to the authorized administrative or judicial institution or organization in the manner and within the limits stipulated in the legislation, even without the explicit consent of the Data Subject.

In addition, in exceptional cases stipulated by legislation;

➢ In the cases explained in Article 7.6 of the Policy,
➢ In the cases listed in Article 7.3 of the Policy regarding special personal data,
➢ With the measures prescribed by the Personal Data Protection Board and the relevant legislation, special personal data regarding the health and sexual life of the Data Subject may be transferred to persons or authorized institutions and organizations under the obligation of confidentiality, without seeking explicit consent, only for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing.

8.2. Transfer of personal data abroad

As a rule, personal data will not be transferred abroad without the explicit consent of the Data Subject. However, in cases where one of the exceptional circumstances set forth in Articles 7.3 and 7.6 of this Policy exists, personal data may be transferred to third parties abroad without explicit consent only if:

➢ The third parties are in countries with sufficient protection declared by the Personal Data Protection Board;
➢ Where the country in question has insufficient protection, the data controllers in Türkiye and in the foreign country in question undertake in writing to provide adequate protection and have the permission of the Personal Data Protection Board.

Your personal data may be transferred to our business partners located abroad and processed by our business partners and third parties for purposes such as providing you with better service, personalizing our website according to the needs and preferences of our customers, members, and consumers, promoting our products and services, and remembering your preferences in our search engines.

8.3. Institutions and organizations to which personal data is transferred

According to the principles and rules explained above, personal data can be transferred to, including but not limited to:
➢ Our suppliers,
➢ Our business partners and business contacts,
➢ Legally authorized public institutions and organizations,
➢ Legally authorized private law persons,
➢ Our shareholders.

8.4. Measures we take regarding the legal transfer of personal data

8.4.1. Technical measures
To protect personal data, we take measures including, but not limited to, the following:
➢ We carry out the internal technical organization to process and store personal data in accordance with the legislation,
➢ The security of the databases where your personal data will be stored is ensured by our Business Partners,
➢ We monitor and audit the processes of the established technical infrastructure,
➢ We determine the procedures for reporting the technical measures and audit processes we have taken,
➢ We periodically update and renew technical measures,
➢ Risky situations are re-examined and necessary technological solutions are produced,
➢ We use virus protection systems, firewalls and similar software or hardware security products and establish security systems that are in line with technological developments,
➢ We employ technically expert employees or work with business partners who have technically expert employees.

8.4.2. Administrative measures

To protect your personal data, we take measures including, but not limited to, the following:

➢ We create policies and procedures for access to personal data within our company, covering company and subsidiary employees,
➢ We inform and train our employees regarding the legal protection and processing of personal data,
➢ In the contracts we make with our employees and/or the policies we create, we record the measures to be taken in cases where personal data is processed unlawfully by our Company Employees,
➢ We audit the personal data processing activities of the data processors we work with or the partners of data processors.

9. STORAGE OF PERSONAL DATA

9.1. Personal data shall be stored for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.
We store personal data for the period required for the purpose of processing personal data, without prejudice to the retention periods stipulated in the legislation.

In cases where we process personal data for more than one purpose, the data will be deleted, destroyed, or anonymized and stored if the processing purposes no longer exist or if there is no legal impediment to deleting the data upon the Data Subject's request. Legislative provisions and the decisions of the Personal Data Protection Board will be complied with regarding destruction, deletion, or anonymization.

9.2. Measures we take regarding the storage of personal data

9.2.1. Technical measures

➢ We create technical infrastructures and related control mechanisms for the deletion, destruction and anonymization of personal data,
➢ We take the necessary precautions to ensure the safe storage of personal data,
➢ We employ employees with technical expertise,
➢ We create business continuity and emergency plans against possible risks and develop systems for their implementation,
➢ We establish security systems in accordance with technological developments regarding the storage areas of personal data.

9.2.2. Administrative measures

➢ We raise awareness by informing our employees about the technical and administrative risks associated with the storage of personal data,
➢ In case of cooperation with third parties for the storage of personal data, we include provisions in the contracts made with the companies to which personal data is transferred, regarding the persons to whom personal data is transferred and the necessary security measures to be taken in order to protect and securely store the transferred personal data.

10. PERSONAL DATA SECURITY

10.1. Our obligations regarding the security of personal data

We take administrative and technical measures, according to technological possibilities and implementation costs, in order to:

➢ Prevent unlawful processing of personal data,
➢ Prevent illegal access to personal data,
➢ Ensure that personal data is stored in accordance with the law.

10.2. Measures we take to prevent unlawful processing of personal data

➢ We carry out and have carried out the necessary audits within our company,
➢ We train and inform our employees about the legal processing of personal data,
➢ The activities carried out by our company are evaluated in detail for all business units, and as a result of this evaluation, personal data is processed specifically for the commercial activities carried out by the relevant units.
➢ In cases where cooperation is made with third parties for the processing of personal data, the contracts made with the companies processing personal data include provisions regarding the necessary security measures to be taken by the persons processing personal data,
➢ In case of unlawful disclosure of personal data or data leakage, we notify the Personal Data Protection Board and carry out the investigations and take the measures required by the legislation.

10.2.1. Technical and administrative measures taken to prevent unlawful access to personal data

To prevent unlawful access to personal data:

➢ We employ employees with technical expertise or we take care to work with business partners that employ employees with technical expertise,
➢ We periodically update and renew technical measures,
➢ We create access authorization procedures within our company,
➢ We determine the procedures for reporting the technical measures and audit processes we take,
➢ We create and periodically audit the data recording systems used within our company in accordance with the legislation,
➢ We create emergency aid plans against possible risks and develop systems for their implementation,
➢ We train and inform our employees about access to personal data and authorization,
➢ In cases where cooperation is made with third parties for the purposes of activities such as processing and storing personal data, the contracts made with the companies that provide access to personal data include provisions regarding the necessary security measures to be taken by the persons who access personal data,
➢ We establish security systems within the scope of technological developments to prevent unlawful access to personal data,
➢ Where the above-mentioned activities under this heading are carried out through our business partners, we take care to work with business partners who employ employees with technical expertise.

10.2.2. Measures we take in case of unlawful disclosure of personal data

We take administrative and technical measures to prevent the unlawful disclosure of personal data and update them in accordance with our relevant procedures. If we detect unauthorized disclosure of personal data, we establish systems and infrastructure in accordance with legislation to notify the relevant person and the Personal Data Protection Board.

If an unlawful disclosure occurs despite all administrative and technical measures taken, this may be announced on the KVK Board's website or by another method, if deemed necessary by the KVK Board.

11. PERSONAL DATA OWNER'S RIGHTS

As part of our obligation to inform, we inform Personal Data Owners and establish systems and infrastructures related to this information. We make the necessary technical and administrative arrangements to enable Personal Data Owners to exercise their rights regarding their personal data.

With regard to his/her personal data, the Personal Data Owner has the right to:

➢ Learn whether personal data is being processed,
➢ Request information regarding personal data if it has been processed,
➢ Learn the purpose of processing personal data and whether it is used in accordance with that purpose,
➢ Know the third parties to whom personal data is transferred, either domestically or abroad,
➢ Request correction of personal data if it is processed incompletely or incorrectly,
➢ Request the deletion or destruction of personal data if the reasons requiring the processing of personal data are eliminated,
➢ Request that the above-mentioned correction, deletion or destruction be notified to third parties to whom personal data has been transferred,
➢ Object to any adverse results arising from the analysis of processed data exclusively through automated systems,
➢ Demand compensation for any damage caused by the unlawful processing of personal data.

11.1. Exercise of rights regarding personal data

Personal Data Owners may send their requests regarding their personal data in writing and with a wet signature to the address Ardıçlı Mah. Isparta Kule Cad. Korkmazlar İş Hanı No:3 İç Kapı No:10 ESENYURT/İSTANBUL, to our registered e-mail address info@theofnite.co with a secure electronic signature, or, if a separate method is determined by the Personal Data Protection Board, by that method.

The application that the Personal Data Owner makes to exercise the above-mentioned rights must include explanations regarding the right he/she requests to exercise. In the application, the requested matter must be clear and understandable; the requested matter must relate to the applicant personally or, if the applicant is acting on behalf of someone else, the applicant must be specifically authorized in this matter and this authority must be documented; the application must include the applicant's identity and address information; and documents proving the applicant's identity must be attached to the application.

Such requests will be made individually, and requests made by unauthorized third parties regarding personal data will not be taken into consideration.

11.2. Evaluation of the application

11.2.1. Application response time

Requests regarding personal data are finalized as soon as possible, depending on their nature, and in any case within 30 (thirty) days at the latest. They are handled free of charge or, if the conditions specified in the tariff published by the Personal Data Protection Board are met, against the fee specified in that tariff.

Additional information and documents may be requested during the application or while the application is being evaluated.

11.2.2. Our right to reject the application

Applications regarding personal data will be rejected, with justification, in the following cases:

➢ The personal data is processed for purposes such as research, planning and statistics by anonymizing it with official statistics,
➢ The personal data is processed for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that this does not violate the privacy of private life or personal rights or constitute a crime,
➢ The personal data processed has been made public by the Personal Data Owner,
➢ The application is not based on a justified reason,
➢ The application contains a request that is contrary to the relevant legislation,
➢ The application procedure has not been complied with.

11.3. Application evaluation procedure

In order for the response period specified in Article 11.2.1 of this Policy to begin, requests must be sent in writing with a wet signature or via [electronic signature and KEP] or sent with information and documents proving the identity of the applicant using other methods determined by the Personal Data Protection Board.

If the request is accepted, the relevant action will be taken, and a written or electronic notification will be provided. If the request is rejected, the reason will be explained and the applicant will be notified in writing or electronically.

11.4. Right to complain to the Personal Data Protection Board

If the application is rejected, the response we provide is deemed insufficient, or the response is not given in a timely manner, the applicant has the right to file a complaint with the Personal Data Protection Board within 30 (thirty) days from the date of learning the response and in any case within 60 (sixty) days from the date of application.

12. PUBLICATION AND STORAGE OF THE DOCUMENT

This Policy is stored in two different environments: printed paper and electronic media.

13. UPDATE PERIOD

This Policy is reviewed at least once a year and updated, if necessary, within the principles set out in the Documentation Management Procedure.

14. ENFORCEMENT

This Policy is deemed to have entered into force after its publication on the Company's website.