Information Text

PERSONAL DATA PROTECTION POLICY AND INFORMATION TEXT

Haktan Saat ve Aksesuar İnşaat Turizm Konfeksiyon İmalatı İthalat İhracat San. Ve Tic. Ltd. Şti. (“PIRLANT” or “Data Controller”), as the data controller, adopts the principles stipulated by the relevant legislation to ensure compliance with the Law No. 6698 on the Protection of Personal Data (“KVKK”) and the European Union General Data Protection Regulation No. 2016/679 (“GDPR”), and fulfills its obligations regarding the processing, deletion, destruction, anonymization, transfer of personal data, informing the data subject, and ensuring data security. Within this scope, this Privacy and Personal Data Protection Policy (“Policy”) has been prepared and is made available to the natural persons whose personal data is processed (“data subject”).

  1. PURPOSE AND SCOPE OF THE POLICY

This Privacy and Personal Data Protection Policy regulates the following matters and aims to inform the relevant individuals.
Principles regarding the processing of personal data
Conditions for processing personal data
Circumstances under which special categories of personal data may be processed
Informing and educating the group of people.
Categorization of personal data
Purposes of processing personal data
Transfer of personal data to domestic and foreign third parties.
Method and legal basis for processing personal data.
Personal data retention periods
Security of personal data
Cookie usage
Contact information regarding the legal rights of groups of people and how to exercise them.
Validity and updatability

  1. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

2.1. Operation in Accordance with the Law, the Principle of Fairness, and Transparency
The processing of personal data is carried out in accordance with the principles established by legal regulations, the general rule of trust and honesty, and the principle of transparency.

2.2. Ensuring that Personal Data is Accurate and Up-to-Date When Necessary
Periodic checks and updates are carried out to ensure the accuracy and timeliness of the personal data processed for groups of individuals, and all necessary reasonable measures are taken accordingly. Within this scope, systems for verifying the accuracy of personal data and making necessary corrections are established within PIRLANT. Members can make these changes and updates through the "My Account" page on the website https://www.pirlant.com.tr/.

2.3. Processing for Specific, Explicit and Legitimate Purposes
Personal data is processed based on clear, specific, and legitimate data processing purposes. The purposes for which the data will be processed are detailed in this Policy.

2.4. Being Relevant, Limited, and Proportional to the Purpose for Which They Are Used
Personal data is processed in a proportionate, relevant, and limited manner to achieve the intended purpose(s), and the processing of personal data that is not related to or necessary for the achievement of the purpose is avoided.

2.5. Retention for the Period Required in the Relevant Legislation or for the Period Necessary for the Purpose for Which They Were Processed
PIRLANT retains personal data only for the period stipulated in the relevant legislation or for the period necessary for the purpose for which it is processed. In this context, it is first determined whether a retention period for personal data is stipulated in the relevant legislation; if a period is determined, compliance with that period is ensured; if no period is determined, personal data is retained for the period necessary for the purpose for which it is processed. Upon the expiration of this period or the cessation of the reasons requiring processing, and unless there is a legal reason permitting longer processing, personal data is deleted, destroyed, or anonymized in accordance with PIRLANT's Personal Data Retention and Destruction Policy. Detailed retention periods are detailed in this Policy.

2.6. Processing Data in Compliance with Integrity and Confidentiality
Personal data is processed in a manner that ensures the security of personal data, including the use of appropriate technical or administrative measures to protect against unauthorized or unlawful processing or accidental loss, destruction, or damage.

  1. CONDITIONS FOR PROCESSING PERSONAL DATA

The basis for personal data processing activities may be only one of the legal grounds listed below, or more than one of these conditions may serve as the basis for the same personal data processing activity. If the processed personal data is special category personal data, the conditions listed under the heading "Situations in Which Special Category Personal Data May Be Processed" below shall apply.
The explicit consent of the relevant groups of individuals is only one of the lawful grounds that allow the processing of personal data in accordance with the law. In addition to explicit consent, personal data may also be processed if any of the other lawful grounds listed below exist.
Personal data of the relevant groups of individuals are processed in accordance with the processing conditions described below.

3.1. Explicitly Provided for in the Laws
PIRLANT processes personal data without obtaining the explicit consent of the data subjects in cases where the processing of personal data is explicitly foreseen in the laws. For example, in accordance with the Law on the Regulation of Electronic Commerce, the processing of personal data in processes such as membership, granting permission for commercial electronic use, ordering, payment, delivery, cancellation or return of products to PIRLANT is a processing activity that takes place only when explicitly foreseen in the law.

3.2. Inability to Obtain the Explicit Consent of the Data Subject Due to Factual Impossibility, or When Personal Data is Necessary for the Protection of the Vital Interests of the Data Subject or Another Person.
If a group of individuals is unable to express their consent due to factual impossibility or if their consent cannot be considered valid, and the processing of their personal data is necessary to protect their life or physical integrity or that of another person, their personal data may be processed without their explicit consent. Furthermore, if personal data is necessary to protect the vital interests of the data subject or another person, it may be processed without the explicit consent of that data subject.

3.3. Directly Related to the Formation or Performance of the Contract
Personal data belonging to the parties to a contract may be processed if it is necessary for the establishment or performance of the contract, provided that it is directly related to the contract. For example, the processing of personal data provided by a Member to complete the My PIRLANT Loyalty Program membership process is a processing activity directly related to the performance of the contract.

3.4. PIRLANT's Fulfillment of Legal Obligations
As the data controller, personal data of a group of individuals may be processed without obtaining explicit consent if processing is necessary to fulfill legal obligations. For example, in cases of product returns due to the exercise of the right of withdrawal from an order, activities such as paying the seller the product price are processing activities necessary for PIRLANT to fulfill its legal obligations.

3.5. Public Disclosure of Personal Data by Groups of Individuals
If a person's personal data has been made public by themselves, the data may be processed without explicit consent. For example, if a member has publicly shared personal data on their social media accounts online, and that member is connected to PIRLANT's social media channels, this data may be processed if it is in accordance with their wishes and proportionate to their actions.

3.6. Necessity of Data Processing for the Establishment or Protection of a Right
If data processing is necessary for the establishment, exercise, or protection of a right, data may be processed without obtaining the explicit consent of the data subject group. For example, sending the data related to a purchase to a consumer arbitration board in response to a complaint filed by the member is a necessary processing activity for the establishment or protection of that right.

3.7. Data Processing Based on Legitimate Interest
Personal data may be processed without the explicit consent of the data subject if the processing is necessary for PIRLANT's legitimate interests, provided that this does not harm the fundamental rights and freedoms of the data subject group.

3.8. Processing Personal Data of Individuals Based on Explicit Consent
If the personal data of a group of individuals cannot be processed based on any of the conditions mentioned above, they will be processed based on explicit consent. In this case, the processing activity is carried out by obtaining explicit consent in accordance with the criteria set forth in the KVKK (Turkish Personal Data Protection Law) and GDPR (General Data Protection Regulation). For example, the processing of contact information of individuals for sending commercial electronic messages takes place with explicit consent.

  1. CIRCUMSTANCES IN WHICH SPECIAL CATEGORY PERSONAL DATA MAY BE PROCESSED

Some personal data is regulated separately as "special categories of personal data" and is subject to special protection. At PIRLANT, special categories of personal data are subject to separate processing conditions and protection.
4.1. Processing of Special Categories of Personal Data Based on Explicit Consent
Special categories of personal data may be processed with the explicit consent of the data group, in accordance with the principles set forth in this Policy and by taking the necessary administrative and technical measures.

4.2. Cases Where Special Categories of Personal Data May Be Processed Without Explicit Consent
Special categories of personal data, excluding health and sexual life data, may be processed in cases stipulated by law, provided that adequate measures are taken as determined by the Personal Data Protection Board, even in situations where the explicit consent of the data subject is not obtained. Personal data relating to health and sexual life may only be processed by persons or authorized institutions and organizations under an obligation of confidentiality, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of health services and their financing. For example, health data for occupational health and safety activities may be processed by the PIRLANT workplace physician.

5. INFORMING AND EDUCATING THE 5TH GROUP OF INDIVIDUALS

At PIRLANT, relevant data subjects are informed and enlightened during the collection of personal data. Furthermore, this enlightenment is provided through policies, information texts, and QR codes located on the www.PIRLANTtr.com website, in common areas within the company, and in store and office areas. The enlightenment process includes information on PIRLANT's role as data controller, the types of personal data processed, the purposes for which personal data is processed, to whom and for what purpose the processed personal data may be transferred, the method and legal basis for collecting personal data, and the rights of the data subjects.
Individuals and groups can always request information from PIRLANT via info@PIRLANTmayo.com . In this case, the necessary information will be provided as soon as possible.

  1. CATEGORIZATION OF PERSONAL DATA

PIRLANT processes personal data of individuals in the categories listed and exemplified below. In addition to these categories, there are also categories of individuals whose personal information and similar data are processed within the company, such as employees, interns, and subcontractors. These categories and groups of individuals are regulated in PIRLANT's Employee Personal Data Processing Policy.

Identity
Name, surname, date of birth, gender, Turkish Republic identity number.

Customer - Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Job Candidate

Communication
Mobile phone number, email address, address, postal code, landline phone number.

Customer - Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Job Candidate

Location

Customer - Member Customer, Guest Customer
Supplier Employee

Legal Transaction
Contract, legal information

Customer - Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Job Candidate

Customer Transactions
Purchased product(s), size and color preferences, purchase amount, date, etc., call center conversation records, campaigns/competitions utilized, coupons used, order-related information.

Customer - Member Customer, Guest Customer

Transaction Security
Password, passcode, IP information

Customer - Member Customer, Guest Customer
Online Visitors
Supplier Representative
Supplier Employee

Finance
Invoice information, bank account information, financial information, payment debt/credit information.

Customer - Member Customer, Guest Customer
Supplier Representative
Supplier Employee

Professional Experience

Supplier Employee
Job Candidate

Marketing

Customer - Member Customer, Guest Customer
Online Visitor



  1. PURPOSES OF PROCESSING PERSONAL DATA

7.1. Processing Conditions
Personal data is processed only under the following conditions.

  • The relevant activity regarding the processing of your personal data is explicitly provided for in the laws,
  • The processing of your personal data by PIRLANT must be directly related to and necessary for the establishment or performance of a contract,
  • The processing of personal data is necessary for PIRLANT to fulfill its legal obligations.
  • Personal data may be processed by PIRLANT only for the purpose of public disclosure, provided that the data has been made public by the data subject group.
  • The processing of personal data by PIRLANT is necessary for the establishment, exercise or protection of the rights of PIRLANT, groups of individuals or third parties,
  • Processing personal data is necessary for PIRLANT's legitimate interests, provided that it does not harm the fundamental rights and freedoms of individuals.
  • PIRLANT may process personal data only if it is necessary to protect the life or physical integrity of the data subject or another person, and in this case, the data subject is unable to express their consent due to factual impossibility or legal invalidity, or if the personal data is necessary to protect the vital interests of the data subject or another person.

If the above-mentioned conditions are not met, PIRLANT seeks the explicit consent of personal data owners to carry out personal data processing activities.

7.2. Processing Purposes
PIRLANT processes personal data for the purposes stated below:

For the Customer Group:

Member Customer Personal Data;

  • Membership registration process.
  • To benefit from the services offered by PIRLANT, to improve services, to develop new services, and to provide information.
  • Performance of the Membership Agreement and the Distance Sales Agreement.
  • With explicit consent, promotion, opportunities and benefits may be provided, and marketing activities may be carried out.
  • Resolving member customer issues and complaints.
  • Improving the desktop, tablet, and mobile platform experiences, as well as the mobile application experience.
  • Tracking accounting and purchasing transactions.
  • Legal processes and compliance with regulations.
  • Responding to information requests from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Making the necessary arrangements to ensure that the processed data is accurate and up-to-date.
  • Establishing and implementing processes to ensure information security and improve internal company processes.
  • My PIRLANT Loyalty Program procedures.

Guest Customers (users who shop without being members) Personal Data;

  • To benefit from the services offered by PIRLANT, to improve services, to develop new services, and to provide information.
  • With explicit consent, promotion, opportunities and benefits may be provided, and marketing activities may be carried out.
  • Improving the desktop, tablet, and mobile platform experiences, as well as the mobile application experience.
  • Tracking accounting and purchasing transactions.
  • Legal processes and compliance with regulations.
  • Responding to information requests from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Making the necessary arrangements to ensure that the processed data is accurate and up-to-date.
  • Establishing and implementing processes to ensure information security and improve internal company processes.

For the Supplier Group (Supplier, Supplier Representative, Supplier Employee):

  • Managing the business process with suppliers.
  • Completing legal processes and requirements, such as contracts related to the required service.
  • Establishing contracts with selected suppliers and carrying out the necessary procedures.
  • Carrying out purchasing, production, supply and similar operations.
  • Managing the after-sales services and return/cancellation/reimbursement requirements and processes for purchased products/services.
  • According to the Occupational Health and Safety Law and the contract.
  • Checking that the premium payments required to be paid to the employee and the state in accordance with SGK (Social Security Institution) regulations are made.
  • Checking whether employees have the necessary qualifications (certificates, authorization documents, etc., depending on the job).
  • Ensuring the economical use of company resources and improving company operations in a customer-centric manner.
  • Obtaining commitments from the natural or legal person supplier processing personal data that they will comply with the obligations that PIRLANT is required to comply with in terms of data security in accordance with the KVKK (Turkish Personal Data Protection Law).
  • Tracking accounting and purchasing transactions, controlling and approving payments.
  • Legal processes and compliance with legislation, fulfillment of legal obligations.
  • Responding to information requests from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Making the necessary arrangements to ensure that the processed data is up-to-date and accurate.
  • Planning the monitoring and auditing of whether commitments are being fulfilled.

For the Prospective Employee Group:

  • Ensuring the completion and implementation of human resources policies and processes.
  • Planning the application, selection, and evaluation processes for job candidates.
  • Performing the necessary activities within the framework of occupational health and safety.
  • Communication activities required for job candidate placement.
  • Planning the recruitment, placement, and operational processes for interns.

For Online Visitors:

  • Obtaining log records of system activity for online visitors and users.
  • Legal processes and compliance with regulations.
  • Responding to information requests from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Fulfillment of legal obligations.
  1. TRANSFER OF PERSONAL DATA TO DOMESTIC AND FOREIGN THIRD PARTIES
    8.1. Transfer of Personal Data
    Personal data and sensitive personal data may be transferred to third parties (third-party companies, third-party individuals) in accordance with the processing purposes and with the necessary security measures taken, provided that the conditions stipulated in Articles 8 and 9 of the KVKK (Law on Protection of Personal Data) are met.
    Personal data may be transferred abroad due to the software and server infrastructure used, and the software and server infrastructure of the products and services received.
    The Personal Data Protection Authority has not yet published its list of safe countries, and in this context, in accordance with Article 9 of the Personal Data Protection Law, personal data can be transferred abroad with the explicit consent of the data subjects.

    8.2. Third Parties to Whom Personal Data is Transferred
    Your personal data may be transferred to the following data subject groups:
  • To PIRLANT business partners,
  • To PIRLANT suppliers,
  • To PIRLANT subsidiaries,
  • To PIRLANT shareholders,
  • To legally authorized public institutions and organizations,
  • To legally authorized private individuals.
  1. METHOD AND LEGAL BASIS FOR COLLECTING PERSONAL DATA

Your personal data transmitted to the Company electronically or physically is processed in accordance with Article 5 of the KVKK (Personal Data Protection Law) and the relevant articles of the GDPR, for the purposes stated in this Policy; based on the following legal grounds according to the data subject groups, entirely or partially automatically, or through non-automatic means as part of a data recording system.

For the Customer (Member/Guest) Group;

  • Protecting the rights and interests of the customer.
  • Providing rights and benefits to customers for the purpose of establishing a business relationship.
  • Maintaining and improving internal company operations.
  • Fulfillment of obligations arising from legislation.
  • The processing of personal data belonging to the parties to a contract is necessary provided that it is directly related to the establishment or performance of the contract.
  • Data processing may be necessary for the legitimate interests of the data controller, such as entering customer orders into relevant storage and analysis software to ensure business continuity, provided that the customer's fundamental rights and freedoms are not harmed.
  • With the customer's explicit consent
  • Benefiting from the advantages and system of the My PIRLANT Loyalty Program.

For the Supplier/Partner Group (Supplier/Partner, Supplier/Partner Representative, Supplier/Partner Employee):

  • It is necessary for the data controller to fulfill its legal obligations.
  • The processing of personal data belonging to the parties to a contract is necessary provided that it is directly related to the establishment or performance of the contract.
  • Data processing is necessary for the legitimate interests of the data controller, such as storing the contact information of individuals to ensure business continuity and rapid and effective communication, provided that the fundamental rights and freedoms of the Supplier/Business Partner are not prejudiced.
  • The explicit consent of the supplier/partner is required.

For the Prospective Employee Group:

  • The processing of personal data belonging to the parties to a contract is necessary provided that it is directly related to the establishment or performance of the contract.
  • Data processing may be necessary for the legitimate interests of the data controller, such as for storage and evaluation to meet future personnel needs, provided that it does not prejudice the fundamental rights and freedoms of the prospective employee.
  • The candidate employee's explicit consent is required.

For the Online Visitor Group:

  • The processing of personal data belonging to the parties to a contract is necessary provided that it is directly related to the establishment or performance of the contract.
  • Data processing is permitted when it is necessary for the legitimate interests of the data controller, such as analyzing which pages are visited more frequently for business development purposes, provided that it does not prejudice the fundamental rights and freedoms of online visitors.
  • The online visitor's explicit consent is required.
  1. PERSONAL DATA RETENTION PERIODS
    The retention periods and legal basis for personal data processed by PIRLANT are shown in the table below:

Identity

15 years from the termination of the legal relationship

The relevant laws and regulations include: Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502, Labor Law No. 4857, and Occupational Health and Safety Law No. 6331.

Communication

Ten years from the termination of the legal relationship.

The relevant laws and regulations include: Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502, Labor Law No. 4857, and Occupational Health and Safety Law No. 6331.

Location

Ten years from the termination of the legal relationship.

Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098

Legal Transaction

Ten years from the date the judgment becomes final.

Law No. 6100 on Civil Procedure, Law No. 5271 on Criminal Procedure

Customer Transactions

Ten years from the termination of the legal relationship.

The relevant laws and regulations include: Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502, and Law No. 5651 on the Regulation of Publications Made on the Internet and Combating Crimes Committed Through Such Publications.

Transaction Security

2 years

Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through Such Publications

Finance

Ten years from the termination of the legal relationship.

Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502

Marketing

During the Legal Relationship

  1. SECURITY OF PERSONAL DATA

At PIRLANT, reasonable measures are taken to ensure the security of personal data by preventing risks of unauthorized access, accidental data loss, intentional deletion, or damage to data.
All necessary technical and physical measures are taken to prevent access to personal data by anyone other than those authorized to access it. In this context, the authorization system is specifically designed to prevent anyone from accessing more personal data than necessary. Stricter measures are taken to ensure the security of sensitive personal data, such as health data, compared to other types of personal data.
Authorized individuals undergo necessary security and internal controls. They are also trained on their duties and responsibilities.
Access records to personal data are maintained to the extent technically feasible and are reviewed at regular intervals. In cases of unauthorized access, an investigation and legal proceedings are initiated immediately.
PIRLANT takes the following security measures to ensure the security of the processed data:

  • Network security and application security are ensured.
  • For the transfer of personal data over the network, a closed-system network is used.
  • Key management is implemented.
  • Security measures are implemented within the scope of the procurement, development, and maintenance of information technology systems.
  • Personal data stored in the cloud is secured.
  • Disciplinary regulations exist for employees that include data security provisions.
  • Data security training and awareness programs are conducted periodically for employees.
  • An authorization matrix has been created for employees.
  • Access logs are maintained regularly.
  • Corporate policies have been developed and implemented regarding access, information security, usage, storage, and disposal.
  • Confidentiality agreements are being made.
  • Employees who change roles or leave the company will have their authorizations in this area revoked.
  • Current antivirus systems are being used.
  • Firewalls are used.
  • The signed agreements include data security provisions.
  • Extra security measures are taken for personal data transmitted via paper, and the relevant documents are sent in a classified document format.
  • Personal data security policies and procedures have been established.
  • Personal data security issues are reported promptly.
  • Personal data security is being monitored.
  • Necessary security measures are taken regarding entry to and exit from physical environments containing personal data.
  • Physical environments containing personal data are secured against external risks (fire, flood, etc.).
  • The security of environments containing personal data is ensured.
  • Personal data is minimized as much as possible.
  • Personal data is backed up, and the security of the backed-up personal data is also ensured.
  • Internal periodic and/or random audits are conducted and commissioned.
  • Log records are stored in a way that does not require user intervention.
  • Current risks and threats have been identified.
  • Protocols and procedures for the security of sensitive personal data have been established and are being implemented.
  • If sensitive personal data is to be sent via email, it must be sent encrypted and using a registered electronic mail (KEP) or corporate email account.
  • Intrusion detection and prevention systems are used.
  • A penetration test is being conducted.
  • Personal data transferred via portable memory, CD, or DVD is encrypted.
  • Data processing service providers undergo periodic audits regarding data security.
  • Data processing service providers are being made aware of data security issues.
  1. COOKIE USAGE

PIRLANT uses cookies, pixels, GIFs, and other technologies ("cookies") to ensure the most efficient use of its website and applications and to improve user experience. The use of these technologies is carried out in accordance with the relevant legislation, primarily the Personal Data Protection Law (KVKK). If users prefer not to use cookies, they can delete or block them through their browser settings. You can access detailed information about the cookies used by PIRLANT and specify your preferences in the Cookie Policy.

  1. AUTOMATED PROCESSING OPERATIONS

PIRLANT automatically processes behavioral data obtained through technologies such as cookies in order to offer personalized products and services to its customers and potential customers. In this context, the information obtained can be used to analyze the products a person might prefer to purchase. For example, by statistically matching commonly sold products, other related products can be automatically presented to a user showing interest in a particular product, along with special offers.

  1. LEGAL RIGHTS OF INDIVIDUAL GROUPS AND METHODS OF EXERCISING THEM

14.1. Rights Regarding Personal Data Under the KVKK (Law on the Protection of Personal Data)
The rights that groups of individuals can exercise regarding their personal data are set forth in Article 11 of the Personal Data Protection Law (KVKK) and are as follows:

  • To find out whether your personal data is being processed,
  • The right to request information regarding the processing of personal data.
  • To learn the purpose of processing personal data and whether it is being used appropriately for that purpose.
  • Knowing the third parties to whom personal data is transferred, whether domestically or internationally.
  • Requesting the correction of personal data if it has been processed incompletely or inaccurately.
  • Within the framework of the conditions stipulated in Article 7 of the KVKK (Law on Protection of Personal Data), the right to request the deletion or destruction of personal data and to request that the actions taken in accordance with these provisions be notified to third parties to whom personal data has been transferred.
  • The right to object to an outcome that is detrimental to oneself, resulting from the analysis of processed data exclusively through automated systems.
  • The right to claim compensation for damages incurred as a result of the unlawful processing of personal data.

14.2. Rights Regarding Personal Data Under GDPR
The rights that groups of people can exercise regarding their personal data are set out in GDPR Section 3 (Articles 12-23) and are listed below:

  • If your personal data is processed based on your explicit consent, you have the right to withdraw that consent;
  • You may request that the processing of your personal data be restricted in the following cases:
    • If you have disputed the accuracy of your personal data, we will have a period of time during which we can verify its accuracy.
    • If the data processing is unlawful but you prefer to restrict the use of your data rather than have it deleted,
    • If the processing of your personal data is no longer necessary for the relevant data processing purpose, but is necessary for the establishment, enforcement or submission of your legal claims and demands, upon your request or
    • Following your exercise of your right to object under Article 21 of the GDPR, while we are reviewing whether your objection is invalid due to our interests;
  • If your personal data is processed, including profiling practices, on grounds of public interest, or based on legal authority granted to the data controller, or on the legitimate interests of the data controller or a third party, you have the right to object to the processing of such personal data;
  • Access to the following information;
    • You can verify that your personal data is being processed and, if so, provide information about your personal data and the relevant data processing purposes and categories.
    • The data recipients or categories of recipients to whom your personal data is shared or will be shared, the period during which your personal data will be stored if possible, or if this is not possible, the criteria used to determine that period,
    • The right to restrict, delete or destroy the processing of personal data, the right to object to the processing of personal data and the right to apply to the supervisory authority exist.
    • information regarding whether personal data is obtained from the data subject or a third party, and
    • Access to information about the existence of automated decision-making mechanisms we use, including profiling, the logic behind them, and the potential consequences and significance of these for you;
  • If your personal data is processed based on your explicit consent or a contractual provision, and the data processing is carried out through automated mechanisms, we may request that a version of your data in a regular, usable, and machine-readable format be transferred to you or, if technically reasonable, to another data controller;
  • You have the right to be informed about the existence of the automated decision-making mechanisms we use, including profiling, the logic behind them, and their potential consequences and significance for the individual involved.

14.3. Principles Regarding the Exercise of Rights Related to Personal Data
Individuals can exercise their rights regarding personal data by visiting www.PIRLANTtr.com By using the GDPR Application Form located on the website and at the link below;
You can submit your application to our KEP address emiretekstil@hs03.kep.tr.
You can submit your application to info@PIRLANTmayo.com using a mobile signature, e-signature, or an email address registered and verified in our systems.
Applications can be submitted in person with a wet signature or via a notary public to the following address: Kuşbakışı Cad. No:27 Altunizade, Üsküdar/İstanbul.
Applications submitted in accordance with these procedures and the application procedures set forth in the Personal Data Protection Law (KVKK) regulations will be answered within a maximum of 30 days. If your application is rejected, if you find the response insufficient, or if we are unable to respond to your application within the specified time, you may file a complaint with the Personal Data Protection Board within thirty days of learning of our response, and in any case within sixty days of the application date.

To ensure that your personal data is consistently processed in a transparent, accurate, and lawful manner, we have appointed a Data Protection Officer (DPO) for GDPR purposes. You can contact our Data Protection Officer using the following contact information:
Email: destek@pirlant.com

  1. EFFECTIVE DATE AND UPDABILITY

This Policy entered into force on the date of its publication. The Policy is updated to adapt to changing conditions and legislation. Updated in light of current Board decisions and requirements, the Policy is monitored by the PIRLANT Data Protection Committee, approved by the PIRLANT Board of Directors, and published on www.PIRLANTtr.com.


You can reach us via the contact information below at https://www.pirlant.com.tr/:
Haktan Watch and Accessories Construction Tourism Garment Manufacturing Import Export Industry and Trade Ltd. Co.
Address: Emek Adnan Menderes Neighborhood, Turgut Özal Street, Korupark Shopping Mall No:2, Inner Door No:49, Osmangazi/Bursa
Telephone: 0 (224) 223 23 23
Email: destek@pirlant.com